php vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the php package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • M
Improper Input Validation

*
  • M
Information Exposure

*
  • L
Null Byte Interaction Error (Poison Null Byte)

*
  • M
Improper Input Validation

*
  • M
Unchecked Return Value

*
  • L
Out-of-bounds Write

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • L
Reversible One-Way Hash

*
  • M
Integer Overflow or Wraparound

*
  • M
Integer Overflow to Buffer Overflow

*
  • M
Improper Input Validation

*
  • L
Uncontrolled Recursion

*
  • M
Improper Input Validation

*
  • M
Out-of-Bounds

*
  • M
Use After Free

<0:5.3.3-46.el6_6
  • M
Heap-based Buffer Overflow

<0:5.3.3-27.el6_5.1
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<0:5.3.3-27.el6_5.1
  • M
Integer Overflow or Wraparound

<0:5.3.3-27.el6_5.1
  • M
Heap-based Buffer Overflow

<0:5.3.3-27.el6_5.1
  • C
Improper Handling of Length Parameter Inconsistency

<0:5.3.3-27.el6_5
  • M
Information Exposure

<0:5.3.3-26.el6
  • M
Improper Input Validation

<0:5.3.3-26.el6
  • M
Null Byte Interaction Error (Poison Null Byte)

<0:5.3.3-26.el6
  • C
Out-of-Bounds

<0:5.3.3-23.el6_4
  • M
Improper Input Validation

<0:5.3.3-22.el6
  • M
Improper Input Validation

<0:5.3.3-22.el6
  • M
CVE-2012-2688

<0:5.3.3-22.el6
  • M
Improper Input Validation

<0:5.3.3-48.el6_8
  • M
Improper Handling of Syntactically Invalid Structure

<0:5.3.3-14.el6_3
  • M
Integer Overflow or Wraparound

<0:5.3.3-14.el6_3
  • M
Use of Externally-Controlled Format String

<0:5.3.3-14.el6_3
  • M
NULL Pointer Dereference

<0:5.3.3-14.el6_3
  • M
NULL Pointer Dereference

<0:5.3.3-14.el6_3
  • M
Access Restriction Bypass

<0:5.3.3-14.el6_3
  • M
Improper Input Validation

<0:5.3.3-14.el6_3
  • M
Memory Leak

<0:5.3.3-14.el6_3
  • M
Cryptographic Issues

<0:5.3.3-14.el6_3
  • C
Improper Input Validation

<0:5.3.3-3.el6_2.8
  • C
Improper Handling of Syntactically Invalid Structure

<0:5.3.3-3.el6_2.6
  • M
Improper Input Validation

<0:5.3.3-3.el6_2.5
  • M
Integer Overflow or Wraparound

<0:5.3.3-3.el6_2.5
  • M
Out-of-Bounds

<0:5.3.3-3.el6_1.3
  • M
Use After Free

<0:5.3.3-3.el6_1.3
  • M
Numeric Errors

<0:5.3.3-3.el6_1.3
  • M
Numeric Errors

<0:5.3.3-3.el6_1.3
  • M
Access Restriction Bypass

<0:5.3.3-3.el6_1.3
  • M
Stack-based Buffer Overflow

<0:5.3.3-3.el6_1.3
  • M
Memory Leak

<0:5.3.3-3.el6_1.3
  • M
CVE-2011-1469

<0:5.3.3-3.el6_1.3
  • M
Cryptographic Issues

<0:5.3.3-3.el6_1.3
  • M
Null Byte Interaction Error (Poison Null Byte)

<0:5.3.3-46.el6_6
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

<0:5.3.3-46.el6_6
  • M
Use After Free

<0:5.3.3-46.el6_6
  • M
Algorithmic Complexity

<0:5.3.3-46.el6_6
  • M
Integer Overflow or Wraparound

<0:5.3.3-46.el6_6
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

<0:5.3.3-46.el6_6
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

<0:5.3.3-46.el6_6
  • M
Use After Free

<0:5.3.3-46.el6_6
  • M
Untrusted Pointer Dereference

<0:5.3.3-46.el6_6
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

<0:5.3.3-46.el6_6
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

<0:5.3.3-46.el6_6
  • M
Use After Free

<0:5.3.3-46.el6_6
  • M
Heap-based Buffer Overflow

<0:5.3.3-46.el6_6
  • M
Null Byte Interaction Error (Poison Null Byte)

<0:5.3.3-46.el6_6
  • M
Null Byte Interaction Error (Poison Null Byte)

<0:5.3.3-46.el6_6
  • M
Null Byte Interaction Error (Poison Null Byte)

<0:5.3.3-46.el6_6
  • M
Stack-based Buffer Overflow

<0:5.3.3-46.el6_6
  • M
Integer Overflow or Wraparound

<0:5.3.3-46.el6_6
  • M
Improper Input Validation

<0:5.3.3-46.el6_6
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

<0:5.3.3-46.el6_6
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

<0:5.3.3-46.el6_6
  • M
Out-of-Bounds

<0:5.3.3-46.el6_6
  • M
Out-of-Bounds

<0:5.3.3-46.el6_6
  • M
Integer Overflow or Wraparound

<0:5.3.3-46.el6_6
  • M
Numeric Errors

<0:5.3.2-6.el6_0.1
  • M
Cross-site Scripting (XSS)

<0:5.3.2-6.el6_0.1
  • M
Cross-site Scripting (XSS)

<0:5.3.2-6.el6_0.1
  • M
NULL Pointer Dereference

<0:5.3.2-6.el6_0.1
  • H
Out-of-bounds Read

<0:5.3.3-40.el6_6
  • H
Out-of-bounds Read

<0:5.3.3-40.el6_6
  • H
Out-of-Bounds

<0:5.3.3-40.el6_6
  • H
Integer Overflow or Wraparound

<0:5.3.3-40.el6_6
  • M
Integer Overflow or Wraparound

<0:5.3.3-27.el6_5.2
  • M
Out-of-bounds Read

<0:5.3.3-27.el6_5.2
  • M
NULL Pointer Dereference

<0:5.3.3-27.el6_5.2
  • M
Use After Free

<0:5.3.3-27.el6_5.2
  • M
Use After Free

<0:5.3.3-27.el6_5.2
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

<0:5.3.3-27.el6_5.1
  • M
Heap-based Buffer Overflow

<0:5.3.3-27.el6_5.1
  • M
Numeric Errors

<0:5.3.3-27.el6_5.1
  • M
Algorithmic Complexity

<0:5.3.3-27.el6_5.1
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<0:5.3.3-27.el6_5.1
  • M
Improper Input Validation

<0:5.3.3-27.el6_5.1
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

<0:5.3.3-27.el6_5.1
  • C
Improper Input Validation

<0:5.3.3-50.el6_10
  • M
NULL Pointer Dereference

*
  • M
Improper Access Control

*
  • M
Out-of-Bounds

*
  • M
Out-of-Bounds

*
  • M
Improper Initialization

*
  • L
Out-of-bounds Read

*
  • M
Out-of-bounds Read

*
  • M
Incorrect Privilege Assignment

*
  • L
Heap-based Buffer Overflow

*
  • L
Heap-based Buffer Overflow

*
  • M
Out-of-Bounds

*
  • M
Heap-based Buffer Overflow

*
  • L
Out-of-bounds Read

*
  • M
Out-of-bounds Read

*
  • M
Out-of-bounds Read

*
  • M
Out-of-bounds Read

*
  • M
Cross-site Scripting (XSS)

*
  • M
Uncontrolled Recursion

*
  • M
Use After Free

*
  • M
OS Command Injection

*
  • L
Buffer Overflow

*
  • M
Integer Overflow or Wraparound

*
  • L
Out-of-bounds Read

*
  • M
Out-of-bounds Read

*
  • L
Buffer Overflow

*
  • M
Improper Null Termination

*
  • L
Integer Overflow or Wraparound

*
  • M
Out-of-bounds Read

*
  • L
Heap-based Buffer Overflow

*
  • L
Heap-based Buffer Overflow

*
  • L
Heap-based Buffer Overflow

*
  • L
Out-of-bounds Read

*
  • M
Cross-site Scripting (XSS)

*
  • L
Out-of-bounds Read

*
  • M
Cross-site Scripting (XSS)

*
  • L
Out-of-bounds Read

*
  • M
NULL Pointer Dereference

*
  • L
Improper Authentication

*
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • M
Out-of-bounds Write

*
  • M
Heap-based Buffer Overflow

*
  • M
Out-of-bounds Read

*
  • M
Out-of-bounds Write

*
  • M
Out-of-bounds Read

*
  • M
Improper Input Validation

*
  • L
Server-Side Request Forgery (SSRF)

*
  • M
Use After Free

*
  • M
Missing Initialization of a Variable

*
  • L
Out-of-bounds Read

*
  • L
Out-of-bounds Read

*
  • M
Improper Input Validation

*
  • M
Out-of-Bounds

*
  • M
Improper Input Validation

*
  • L
Information Exposure

*
  • M
Incorrect Check of Function Return Value

*
  • M
Use After Free

*
  • M
Use After Free

*
  • M
Out-of-bounds Read

*
  • L
NULL Pointer Dereference

*
  • L
Improper Input Validation

*
  • M
Use After Free

*
  • M
Use After Free

*
  • M
Stack-based Buffer Overflow

*
  • M
Missing Initialization of a Variable

*
  • M
CVE-2016-7478

*
  • M
Use After Free

*
  • M
Unchecked Return Value

*
  • M
NULL Pointer Dereference

*
  • M
Out-of-bounds Read

*
  • M
Stack-based Buffer Overflow

*
  • M
Heap-based Buffer Overflow

*
  • M
Use After Free

*
  • M
Use After Free

*
  • M
NULL Pointer Dereference

*
  • L
Use After Free

*
  • M
NULL Pointer Dereference

*
  • M
Integer Overflow or Wraparound

*
  • M
Integer Overflow or Wraparound

*
  • M
NULL Pointer Dereference

*
  • M
Improper Input Validation

*
  • M
Out-of-bounds Write

*
  • M
Information Exposure

*
  • M
Out-of-bounds Write

*
  • M
Arbitrary Code Injection

*
  • M
Detection of Error Condition Without Action

*
  • M
Deserialization of Untrusted Data

*
  • M
Unchecked Error Condition

*
  • M
Incorrect Type Conversion or Cast

*
  • L
Stack-based Buffer Overflow

*
  • L
Out-of-bounds Read

*
  • M
Out-of-Bounds

*
  • M
Improper Input Validation

*
  • M
Integer Overflow or Wraparound

*
  • M
Use After Free

*
  • L
NULL Pointer Dereference

*
  • L
Out-of-bounds Read

*
  • M
Improper Input Validation

*
  • M
Use After Free

*
  • L
Use After Free

*
  • M
Use After Free

*
  • M
Out-of-bounds Write

*
  • L
Integer Overflow or Wraparound

*
  • L
Improper Null Termination

*
  • L
Out-of-bounds Read

*
  • L
Out-of-bounds Read

*
  • L
Out-of-bounds Read

*
  • L
Out-of-bounds Read

*
  • L
Out-of-bounds Read

*
  • L
Out-of-bounds Read

*
  • L
Heap-based Buffer Overflow

*
  • L
Heap-based Buffer Overflow

*
  • M
Improper Input Validation

*
  • L
Improper Input Validation

*
  • M
Missing Initialization of a Variable

*
  • L
Use After Free

*
  • M
Improper Initialization

*
  • M
Integer Overflow or Wraparound

*
  • M
Integer Overflow or Wraparound

*
  • M
Out-of-bounds Write

*
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

*
  • M
Use After Free

*
  • L
Out-of-bounds Read

*
  • M
Heap-based Buffer Overflow

*
  • L
Stack-based Buffer Overflow

*
  • M
Integer Overflow or Wraparound

*
  • M
Improper Input Validation

*
  • L
Improper Input Validation

*
  • M
Off-by-one Error

*
  • M
Improper Handling of Syntactically Invalid Structure

*
  • M
NULL Pointer Dereference

*
  • M
Off-by-one Error

*
  • M
Integer Overflow or Wraparound

*
  • M
Incorrect Calculation

*
  • M
Out-of-bounds Read

*
  • L
Improper Input Validation

*
  • M
HTTP Response Splitting

*
  • L
Uncontrolled Recursion

*
  • M
Cryptographic Issues

*
  • L
Uncontrolled Recursion

*
  • L
CVE-2015-8866

*
  • L
Buffer Overflow

*
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

*
  • M
Untrusted Pointer Dereference

*
  • M
NULL Pointer Dereference

*
  • L
NULL Pointer Dereference

*
  • L
NULL Pointer Dereference

*
  • L
Use After Free

*
  • L
Access of Resource Using Incompatible Type ('Type Confusion')

*
  • M
Directory Traversal

*
  • M
CVE-2015-6832

*
  • M
Use After Free

*
  • M
Integer Overflow or Wraparound

*
  • M
Out-of-Bounds

*
  • M
Improper Input Validation

*
  • L
NULL Pointer Dereference

*
  • L
Use After Free

*
  • L
Link Following

*
  • M
Numeric Errors

*
  • L
Integer Overflow or Wraparound

*
  • L
Access Restriction Bypass

*
  • M
Stack-based Buffer Overflow

*
  • L
Information Exposure

*
  • M
Directory Traversal

*
  • L
Out-of-bounds Read

*
  • M
Use of Externally-Controlled Format String

*
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • L
CVE-2011-0421

*
  • L
Missing Release of Resource after Effective Lifetime

*
  • L
Insecure Temporary File

*
  • M
Access Restriction Bypass

*
  • L
Insecure Temporary File

*
  • M
Resource Exhaustion

*
  • M
Improper Input Validation

*
  • L
Improper Input Validation

*
  • M
Session Fixation

*