PHP : Security Vulnerabilities, CVEs, (Denial of service)
PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed.
Max CVSS
7.5
EPSS Score
2.85%
Published
2002-07-26
Updated
2016-10-18
Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.
Max CVSS
7.5
EPSS Score
1.28%
Published
2003-01-17
Updated
2018-05-03
The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header.
Max CVSS
5.0
EPSS Score
0.85%
Published
2002-12-31
Updated
2008-09-05
The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function.
Max CVSS
5.0
EPSS Score
0.20%
Published
2002-12-31
Updated
2008-09-05
php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
Max CVSS
7.8
EPSS Score
1.47%
Published
2002-12-31
Updated
2008-09-05
Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.
Max CVSS
7.5
EPSS Score
10.97%
Published
2003-04-02
Updated
2018-10-30
The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters.
Max CVSS
5.0
EPSS Score
0.24%
Published
2003-12-31
Updated
2018-10-30
Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header.
Max CVSS
5.0
EPSS Score
1.18%
Published
2003-12-31
Updated
2018-10-30
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
Max CVSS
10.0
EPSS Score
0.87%
Published
2005-01-10
Updated
2020-12-08
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.
Max CVSS
10.0
EPSS Score
5.32%
Published
2005-01-10
Updated
2018-10-30
The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value.
Max CVSS
5.0
EPSS Score
5.95%
Published
2005-05-02
Updated
2018-05-03
The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek.
Max CVSS
5.0
EPSS Score
7.64%
Published
2005-05-02
Updated
2018-05-03
PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-05-02
Updated
2008-09-05
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.
Max CVSS
5.0
EPSS Score
1.01%
Published
2005-04-14
Updated
2018-10-30
The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
Max CVSS
2.1
EPSS Score
0.21%
Published
2005-10-27
Updated
2018-10-30
The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image.
Max CVSS
5.0
EPSS Score
5.11%
Published
2005-11-18
Updated
2018-10-30
The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument.
Max CVSS
6.4
EPSS Score
3.49%
Published
2006-04-24
Updated
2017-07-20
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.
Max CVSS
7.5
EPSS Score
5.12%
Published
2007-01-30
Updated
2022-07-21
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).
Max CVSS
7.5
EPSS Score
1.62%
Published
2007-02-13
Updated
2018-10-30
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.
Max CVSS
5.0
EPSS Score
4.22%
Published
2007-02-13
Updated
2018-10-30
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
Max CVSS
7.8
EPSS Score
3.18%
Published
2007-02-13
Updated
2018-10-16
The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.
Max CVSS
4.3
EPSS Score
0.81%
Published
2007-02-20
Updated
2019-10-09
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
Max CVSS
7.5
EPSS Score
11.25%
Published
2007-03-06
Updated
2024-02-02
Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character.
Max CVSS
5.1
EPSS Score
2.50%
Published
2007-04-02
Updated
2017-07-29
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
Max CVSS
6.8
EPSS Score
25.83%
Published
2007-06-04
Updated
2023-02-13