php: heap-based buffer overflow in array_merge()

A flaw was found in PHP. A heap-based buffer overflow occurs in the arraymerge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HTMAXSIZE due to an integer overflow in the precomputation of element counts using the zendhashnumelements function, causi...

CLSA-2026-1769445556 php: Fix of CVE-2025-14178

CVE-2025-14178: fix heap buffer overflow in arraymerge due to integer overflow in zendhashnumelements precomputation...

CLSA-2026-1768300005 php: Fix of CVE-2025-14178

CVE-2025-14178: fix integer overflow in the precomputation of element counts using zendhashnumelements...

PT-2023-35835 · Git +1 · Php

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free READ 4 crash type. The crash state involves zval call destructor, zend hash reverse apply, and shutdown...

SUSE CVE-2006-3017

zendhashdelkeyorindex in zendhash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zendhashdel to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations...

SUSE CVE-2017-5340

Zend/zendhash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service integer overflow, uninitialized memory access, and use of arbitrary destructor function...

The vulnerability of the Zend/zend_hash.c component in the PHP interpreter allows a attacker to cause a service failure or execute arbitrary code.

The vulnerability of the Zend/zendhash.c component in the PHP interpreter arises due to integer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure due to integer overflow, uninitialized memory access, or the use of destructor functions...

PHP Zend/zend_hash.c Remote Code Execution Vulnerability

PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A security vulnerability exists in PHP's Zend/zendhash.c file. Because the program fails to properly allocate large arrays, it allows a remote attacker to exploit the...

UBUNTU-CVE-2017-5340

Zend/zendhash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service integer overflow, uninitialized memory access, and use of arbitrary destructor function...

PHP 7 ZEND_HASH_IF_FULL_DO_RESIZE Memory Misreference Vulnerability

PHP foreign name: Hypertext Preprocessor, Chinese name: "Hypertext Preprocessor" is a general-purpose open source scripting language. An internal error misreference vulnerability exists in PHP 7 ZENDHASHIFFULLDORESIZE. When deserializing a string, if the number of elements used in a HashTable has...

PHP 'ZEND_HASH_IF_FULL_DO_RESIZE()' Memory Misreference Vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...

PHP <= 4.3.7/ 5.0.0RC3 memory_limit Remote Exploit

No description provided by source. / Remote exploit for the php memorylimit vulnerability found by Stefan Esser in php 4 = 4.3.7 and php 5 = 5.0.0RC3. by Gyan Chawdhary [email protected] felinemenace.org/gyan Greets S.Esser for the vuln and mlxdebug.tgz, everything in the code is based on it...

XOOPS mod_gallery Zend_Hash_key + Extract - Remote File Inclusion

XOOPS modgallery ZendHashkey + Extract - Remote File Inclusion ---- XOOPS modgallery ZendHashkey + Extract RFI ... ITDefence.ru Antichat.ru XOOPS modgallery ZendHashkey + Extract REMOTE FILE INCLUDE Eugene Minaev [email protected] / \ \ \ / .\ / /// // / \ / \ // / / / /// /\ / / / / // / /...

Drupal 5.2 - PHP Zend Hash ation Vector

Drupal 5.2 - PHP Zend Hash ation Vector Drupal = 5.2 PHP Zend Hash Vulnerability Exploitation Vector Example: http://www.example.com/drupal/?menucallbacks1callback=drupaleval&menuitemstype=-1&-312030023=1&q=1/?phpinfo; milw0rm.com 2007-10-10...

Drupal 5.2 - PHP Zend Hash ation Vector

Drupal = 5.2 PHP Zend Hash Vulnerability Exploitation Vector Example: http://www.example.com/drupal/?menucallbacks1callback=drupaleval&menuitemstype=-1&-312030023=1&q=1/?phpinfo; milw0rm.com 2007-10-10...

security flaw

The zendhashinit function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service infinite loop by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a...

security flaw

The zendhashinit function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service infinite loop by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a...

security flaw

The zendhashinit function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service infinite loop by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a...

FreeBSD : joomla -- multiple vulnerabilities (0ab423e7-3822-11db-81e1-000e0c2e438a)

The Joomla development team reports multiple vulnerabilities within the joomla application. Joomla is vulnerable to the following vulnerabilities : - Improper validation of the mosMail function - Improper validation of the JosIsValidEmail function. - Remote code execution in PEAR.php - Zend Hash...

joomla -- multiple vulnerabilities

The Joomla development team reports multiple vulnerabilities within the joomla application. Joomla is vulnerable to the following vulnerabilities: Improper validation of the mosMail function Improper validation of the JosIsValidEmail function. Remote code execution in PEAR.php Zend Hash del key o...