Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-2225

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-23 Jun, 2010 | 18:00
Updated At-07 Aug, 2024 | 02:25
Rejected At-
Credits

Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:23 Jun, 2010 | 18:00
Updated At:07 Aug, 2024 | 02:25
Rejected At:
▼CVE Numbering Authority (CNA)

Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/40860
third-party-advisory
x_refsource_SECUNIA
http://twitter.com/i0n1c/statuses/16373156076
x_refsource_MISC
http://marc.info/?l=bugtraq&m=133469208622507&w=2
vendor-advisory
x_refsource_HP
https://exchange.xforce.ibmcloud.com/vulnerabilities/59610
vdb-entry
x_refsource_XF
http://www.debian.org/security/2010/dsa-2089
vendor-advisory
x_refsource_DEBIAN
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
vendor-advisory
x_refsource_APPLE
http://www.securityfocus.com/bid/40948
vdb-entry
x_refsource_BID
http://marc.info/?l=bugtraq&m=133469208622507&w=2
vendor-advisory
x_refsource_HP
https://bugzilla.redhat.com/show_bug.cgi?id=605641
x_refsource_MISC
http://support.apple.com/kb/HT4312
x_refsource_CONFIRM
http://twitter.com/i0n1c/statuses/16447867829
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
vendor-advisory
x_refsource_SUSE
http://pastebin.com/mXGidCsd
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/40860
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://twitter.com/i0n1c/statuses/16373156076
Resource:
x_refsource_MISC
Hyperlink: http://marc.info/?l=bugtraq&m=133469208622507&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/59610
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.debian.org/security/2010/dsa-2089
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.securityfocus.com/bid/40948
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://marc.info/?l=bugtraq&m=133469208622507&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=605641
Resource:
x_refsource_MISC
Hyperlink: http://support.apple.com/kb/HT4312
Resource:
x_refsource_CONFIRM
Hyperlink: http://twitter.com/i0n1c/statuses/16447867829
Resource:
x_refsource_MISC
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://pastebin.com/mXGidCsd
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/40860
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://twitter.com/i0n1c/statuses/16373156076
x_refsource_MISC
x_transferred
http://marc.info/?l=bugtraq&m=133469208622507&w=2
vendor-advisory
x_refsource_HP
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/59610
vdb-entry
x_refsource_XF
x_transferred
http://www.debian.org/security/2010/dsa-2089
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.securityfocus.com/bid/40948
vdb-entry
x_refsource_BID
x_transferred
http://marc.info/?l=bugtraq&m=133469208622507&w=2
vendor-advisory
x_refsource_HP
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=605641
x_refsource_MISC
x_transferred
http://support.apple.com/kb/HT4312
x_refsource_CONFIRM
x_transferred
http://twitter.com/i0n1c/statuses/16447867829
x_refsource_MISC
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://pastebin.com/mXGidCsd
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/40860
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://twitter.com/i0n1c/statuses/16373156076
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=133469208622507&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/59610
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.debian.org/security/2010/dsa-2089
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/40948
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=133469208622507&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=605641
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://support.apple.com/kb/HT4312
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://twitter.com/i0n1c/statuses/16447867829
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://pastebin.com/mXGidCsd
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:24 Jun, 2010 | 12:30
Updated At:29 Apr, 2026 | 01:13

Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
The PHP Group
php
>>php>>5.2.0
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.1
cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.2
cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.3
cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.4
cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.5
cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.6
cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.7
cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.8
cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.9
cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.10
cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.11
cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.12
cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.13
cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.3.0
cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.3.1
cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.3.2
cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-399Primarynvd@nist.gov
CWE ID: CWE-399
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.htmlsecalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=133469208622507&w=2secalert@redhat.com
N/A
http://pastebin.com/mXGidCsdsecalert@redhat.com
Exploit
http://secunia.com/advisories/40860secalert@redhat.com
N/A
http://support.apple.com/kb/HT4312secalert@redhat.com
N/A
http://twitter.com/i0n1c/statuses/16373156076secalert@redhat.com
N/A
http://twitter.com/i0n1c/statuses/16447867829secalert@redhat.com
N/A
http://www.debian.org/security/2010/dsa-2089secalert@redhat.com
N/A
http://www.securityfocus.com/bid/40948secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=605641secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/59610secalert@redhat.com
N/A
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=133469208622507&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://pastebin.com/mXGidCsdaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://secunia.com/advisories/40860af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT4312af854a3a-2127-422b-91ae-364da2661108
N/A
http://twitter.com/i0n1c/statuses/16373156076af854a3a-2127-422b-91ae-364da2661108
N/A
http://twitter.com/i0n1c/statuses/16447867829af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2010/dsa-2089af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/40948af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=605641af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/59610af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133469208622507&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://pastebin.com/mXGidCsd
Source: secalert@redhat.com
Resource:
Exploit
Hyperlink: http://secunia.com/advisories/40860
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4312
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://twitter.com/i0n1c/statuses/16373156076
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://twitter.com/i0n1c/statuses/16447867829
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2010/dsa-2089
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/40948
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=605641
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/59610
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133469208622507&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://pastebin.com/mXGidCsd
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://secunia.com/advisories/40860
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4312
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://twitter.com/i0n1c/statuses/16373156076
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://twitter.com/i0n1c/statuses/16447867829
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2010/dsa-2089
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/40948
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=605641
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/59610
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

222Records found
CVE-2016-5771
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.58% / 92.95%
||
7 Day CHG~0.00%
Published-07 Aug, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.

Action-Not Available
Vendor-n/aopenSUSEThe PHP GroupDebian GNU/Linux
Product-leapdebian_linuxphpopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2016-6294
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.16% / 90.93%
||
7 Day CHG~0.00%
Published-25 Jul, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-5772
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-15.93% / 94.83%
||
7 Day CHG~0.00%
Published-07 Aug, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.

Action-Not Available
Vendor-n/aopenSUSESUSEThe PHP GroupDebian GNU/Linux
Product-debian_linuxphplinux_enterprise_debuginfoleaplinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-415
Double Free
CVE-2016-5768
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-20.99% / 95.70%
||
7 Day CHG~0.00%
Published-07 Aug, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-415
Double Free
CVE-2016-6288
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.32% / 89.01%
||
7 Day CHG~0.00%
Published-25 Jul, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5769
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.15% / 90.92%
||
7 Day CHG~0.00%
Published-07 Aug, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-6295
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.12% / 89.95%
||
7 Day CHG~0.00%
Published-25 Jul, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-416
Use After Free
CVE-2016-4541
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-1.94% / 83.61%
||
7 Day CHG~0.00%
Published-22 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.

Action-Not Available
Vendor-n/aopenSUSEThe PHP GroupFedora Project
Product-leapphpfedoran/a
CVE-2016-4544
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-4.30% / 88.97%
||
7 Day CHG~0.00%
Published-22 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.

Action-Not Available
Vendor-n/aopenSUSEThe PHP GroupDebian GNU/LinuxFedora Project
Product-debian_linuxphpleapfedoraopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5094
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-2.41% / 85.25%
||
7 Day CHG~0.00%
Published-07 Aug, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-4344
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.67% / 71.53%
||
7 Day CHG~0.00%
Published-22 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function, leading to a heap-based buffer overflow.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-4071
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-32.58% / 96.92%
||
7 Day CHG~0.00%
Published-20 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.

Action-Not Available
Vendor-n/aThe PHP GroupApple Inc.
Product-phpmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-3141
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-72.28% / 98.78%
||
7 Day CHG~0.00%
Published-31 Mar, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.

Action-Not Available
Vendor-n/aThe PHP GroupApple Inc.
Product-mac_os_xphpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3078
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-48.11% / 97.76%
||
7 Day CHG~0.00%
Published-07 Aug, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-1904
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.37% / 59.06%
||
7 Day CHG~0.00%
Published-19 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2015-8386
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.52% / 91.88%
||
7 Day CHG~0.00%
Published-02 Dec, 2015 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Action-Not Available
Vendor-pcren/aThe PHP GroupOracle CorporationFedora Project
Product-perl_compatible_regular_expression_librarylinuxphpfedoran/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8389
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.65% / 85.93%
||
7 Day CHG~0.00%
Published-02 Dec, 2015 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Action-Not Available
Vendor-pcren/aThe PHP GroupFedora Project
Product-perl_compatible_regular_expression_libraryphpfedoran/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-185
Incorrect Regular Expression
CVE-2015-8865
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-1.01% / 77.36%
||
7 Day CHG~0.00%
Published-20 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.

Action-Not Available
Vendor-n/aThe PHP GroupApple Inc.
Product-phpmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6834
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-37.24% / 97.22%
||
7 Day CHG~0.00%
Published-16 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2015-6832
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.3||HIGH
EPSS-1.54% / 81.53%
||
7 Day CHG~0.00%
Published-19 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2015-5590
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-6.41% / 91.15%
||
7 Day CHG~0.00%
Published-19 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3329
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-28.78% / 96.60%
||
7 Day CHG~0.00%
Published-09 Jun, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

Action-Not Available
Vendor-n/aApple Inc.Oracle CorporationRed Hat, Inc.The PHP Group
Product-enterprise_linux_servermac_os_xenterprise_linux_workstationphpenterprise_linux_desktopsolarisenterprise_linux_server_euslinuxenterprise_linux_hpc_nodeenterprise_linuxenterprise_linux_hpc_node_eusn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found