32 matches found
CLSA-2026-1779179106 php: Fix of 2 CVEs
CVE-2026-7261: SOAP UAF on SoapServer::handle header-handler failure - CVE-2026-7262: SOAP tozvalmap NULL pointer dereference...
CLSA-2026-1779178796 php: Fix of 2 CVEs
CVE-2026-7261: SOAP UAF on SoapServer::handle header-handler failure - CVE-2026-7262: SOAP tozvalmap NULL pointer dereference...
php-8.5.5-var_destroy-uaf
PHP 8.5.5 — vardestroy destruct reentrancy UAF Siste...
PT-2023-35835 · Git +1 · Php
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free READ 4 crash type. The crash state involves zval call destructor, zend hash reverse apply, and shutdown...
SUSE CVE-2007-1286
Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter...
SUSE CVE-2017-12934
ext/standard/varunserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zvalgettype function in Zend/zendtypes.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP...
CLSA-2022-1647550845 Fix of CVE: CVE-2021-21708
CVE-2021-21708: move releasing of zval, so it is released only after assignment of a new zval...
CLSA-2022-1647550779 Fix of CVE: CVE-2021-21708
CVE-2021-21708: move releasing of zval, so it will be after assigning a new zval...
UBUNTU-CVE-2017-12934
ext/standard/varunserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zvalgettype function in Zend/zendtypes.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP...
UBUNTU-CVE-2017-6441
The zvalgetlongfuncex in Zend/zendoperators.c in PHP 7.1.2 allows attackers to cause a denial of service NULL pointer dereference and application crash via crafted use of "declareticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do n...
PHP 7 is due: the deserialization vulnerability case studies and analysis of on-vulnerability warning-the black bar safety net
! 1. Vulnerability history For hackers, if you can use a server-side error, that's the equivalent of hit the jackpot. Because users tend to move their data stored in the server,if a hacker can make use of this error can be directed to a target, thereby acquiring greater benefits. PHP scripting...
Internet Bug Bounty: Integer Overflow in Length of String-typed ZVAL
https://bugs.php.net/bug.php?id=72403...
Internet Bug Bounty: str_repeat() sign mismatch based memory corruption
OVERVIEW strrepeat suffers from a sign mismatch based integer overflow that results in creation of corrupted ZVALs; this condition, depending on the context, can be abused to bypass PHP-level checks or trigger any kind of memory error: a successful exploitation of this issue is likely to produce...
PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)
No description provided by source. $Id: phpunserializezvalcookie.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
PHP <= 4.4.4 unserialize() ZVAL Reference Counter Overflow Exploit PoC
No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...
security flaw
Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter...
security flaw
Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter...
security flaw
Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter...
PHP <= 4.4.6 / 5.2.1 array_user_key_compare() ZVAL dtor Local Exploit
No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / //...
PHP <= 4.4.6 / 5.2.1 array_user_key_compare() ZVAL dtor Local Exploit
Exploit for linux platform in category local exploits ===================================================================== PHP = 4.4.6 / 5.2.1 arrayuserkeycompare ZVAL dtor Local Exploit ===================================================================== ?php...