Vulnerabilities > PHP

DATE CVE VULNERABILITY TITLE RISK
2015-12-02 CVE-2015-8394 Integer Overflow or Wraparound vulnerability in multiple products
PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
network
low complexity
pcre php CWE-190
critical
9.8
2015-12-02 CVE-2015-8393 Information Exposure vulnerability in multiple products
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
network
low complexity
pcre fedoraproject php CWE-200
7.5
2015-12-02 CVE-2015-8391 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
network
low complexity
pcre oracle fedoraproject redhat php CWE-119
critical
9.8
2015-12-02 CVE-2015-8390 Use of Uninitialized Resource vulnerability in multiple products
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
network
low complexity
pcre fedoraproject php CWE-908
critical
9.8
2015-12-02 CVE-2015-8389 Incorrect Regular Expression vulnerability in multiple products
PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
network
low complexity
pcre fedoraproject php CWE-185
critical
9.8
2015-12-02 CVE-2015-8387 Integer Overflow or Wraparound vulnerability in multiple products
PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
network
low complexity
pcre fedoraproject php CWE-190
7.3
2015-12-02 CVE-2015-8386 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
network
low complexity
pcre fedoraproject oracle php CWE-119
critical
9.8
2015-12-02 CVE-2015-8383 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
network
low complexity
pcre fedoraproject php CWE-119
critical
9.8
2012-05-11 CVE-2012-1823 sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
network
low complexity
php fedoraproject debian hp opensuse suse apple redhat
critical
9.8
2010-05-07 CVE-2010-1866 Integer Overflow or Wraparound vulnerability in multiple products
The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.
network
low complexity
php opensuse suse CWE-190
critical
9.8