Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.
Max CVSS
5.0
EPSS Score
2.40%
Published
2010-12-06
Updated
2018-10-30
Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
Max CVSS
5.0
EPSS Score
1.94%
Published
2010-12-07
Updated
2017-09-19
Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.
Max CVSS
4.3
EPSS Score
7.84%
Published
2010-10-25
Updated
2016-08-23
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.
Max CVSS
4.3
EPSS Score
0.24%
Published
2010-11-09
Updated
2023-02-13
Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function.
Max CVSS
6.8
EPSS Score
0.88%
Published
2010-08-20
Updated
2010-12-07
Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs.
Max CVSS
5.0
EPSS Score
0.31%
Published
2010-05-27
Updated
2010-12-07
Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string.
Max CVSS
5.0
EPSS Score
1.59%
Published
2010-05-12
Updated
2017-08-17
The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.
Max CVSS
9.8
EPSS Score
2.66%
Published
2010-05-07
Updated
2024-02-08
The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument.
Max CVSS
5.0
EPSS Score
2.61%
Published
2010-03-16
Updated
2010-12-10
9 vulnerabilities found