The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
| Max Base Score | 9.8 |
| Published | 2022-10-21 |
| Updated | 2023-05-03 |
| EPSS | 0.76% |
In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
| Max Base Score | 7.1 |
| Published | 2022-11-14 |
| Updated | 2022-12-23 |
| EPSS | 0.05% |
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
| Max Base Score | 8.8 |
| Published | 2022-06-16 |
| Updated | 2023-02-23 |
| EPSS | 0.38% |
3 vulnerabilities found