rpm package
almalinux/php-json
pkg:rpm/almalinux/php-json
Vulnerabilities (84)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-9022 | Hig | 7.5 | < 7.2.24-1.module_el8.4.0+2228+7c76a223 | 7.2.24-1.module_el8.4.0+2228+7c76a223 | Feb 22, 2019 | An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. Thi | |
| CVE-2019-9021 | Cri | 9.8 | < 7.2.24-1.module_el8.4.0+2228+7c76a223 | 7.2.24-1.module_el8.4.0+2228+7c76a223 | Feb 22, 2019 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when tryi | |
| CVE-2019-9020 | Cri | 9.8 | < 7.2.24-1.module_el8.4.0+2228+7c76a223 | 7.2.24-1.module_el8.4.0+2228+7c76a223 | Feb 22, 2019 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in | |
| CVE-2018-20783 | Hig | 7.5 | < 7.2.24-1.module_el8.4.0+2228+7c76a223 | 7.2.24-1.module_el8.4.0+2228+7c76a223 | Feb 21, 2019 | In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_ |
- affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. Thi
- affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when tryi
- affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in
- affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223
In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_
Page 5 of 5