Vendor
Swoole
Products
1
CVEs
4
Across products
4
Status
Private
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24814 | Cri | 0.65 | — | 0.00 | Jan 27, 2026 | Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules). This vulnerability is associated with program files sds.C. This issue affects swoole-src: before 6.0.2. | ||
| CVE-2018-15503 | Hig | 0.42 | 7.5 | 0.02 | Aug 18, 2018 | The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV. | ||
| CVE-2020-24275 | 0.00 | — | 0.01 | Jul 20, 2023 | A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL. | |||
| CVE-2019-15518 | 0.00 | — | 0.02 | Aug 23, 2019 | Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler. |
- risk 0.65cvss —epss 0.00
Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules). This vulnerability is associated with program files sds.C. This issue affects swoole-src: before 6.0.2.
- risk 0.42cvss 7.5epss 0.02
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.
- CVE-2020-24275Jul 20, 2023risk 0.00cvss —epss 0.01
A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL.
- CVE-2019-15518Aug 23, 2019risk 0.00cvss —epss 0.02
Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler.