php vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the php package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • M
Improper Input Validation

*
  • M
Information Exposure

*
  • M
Improper Input Validation

*
  • L
Null Byte Interaction Error (Poison Null Byte)

*
  • M
Unchecked Return Value

*
  • L
Out-of-bounds Write

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • L
Reversible One-Way Hash

*
  • M
Integer Overflow or Wraparound

*
  • M
Integer Overflow to Buffer Overflow

*
  • M
Improper Input Validation

*
  • L
Uncontrolled Recursion

*
  • M
Improper Input Validation

*
  • M
Out-of-Bounds

*
  • M
Improper Input Validation

<0:5.4.16-36.3.el7_2
  • H
Null Byte Interaction Error (Poison Null Byte)

<0:5.4.16-36.el7_1
  • H
Improper Input Validation

<0:5.4.16-36.el7_1
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:5.4.16-36.el7_1
  • H
Null Byte Interaction Error (Poison Null Byte)

<0:5.4.16-36.el7_1
  • H
Use After Free

<0:5.4.16-36.el7_1
  • H
Algorithmic Complexity

<0:5.4.16-36.el7_1
  • H
Integer Overflow or Wraparound

<0:5.4.16-36.el7_1
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:5.4.16-36.el7_1
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:5.4.16-36.el7_1
  • H
Use After Free

<0:5.4.16-36.el7_1
  • H
Untrusted Pointer Dereference

<0:5.4.16-36.el7_1
  • H
Out-of-bounds Read

<0:5.4.16-36.el7_1
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:5.4.16-36.el7_1
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:5.4.16-36.el7_1
  • H
Null Byte Interaction Error (Poison Null Byte)

<0:5.4.16-36.el7_1
  • H
Use After Free

<0:5.4.16-36.el7_1
  • H
Heap-based Buffer Overflow

<0:5.4.16-36.el7_1
  • H
Null Byte Interaction Error (Poison Null Byte)

<0:5.4.16-36.el7_1
  • H
Improper Initialization

<0:5.4.16-36.el7_1
  • H
Null Byte Interaction Error (Poison Null Byte)

<0:5.4.16-36.el7_1
  • H
Null Byte Interaction Error (Poison Null Byte)

<0:5.4.16-36.el7_1
  • H
Stack-based Buffer Overflow

<0:5.4.16-36.el7_1
  • H
Use After Free

<0:5.4.16-36.el7_1
  • H
Improper Input Validation

<0:5.4.16-36.el7_1
  • H
Integer Overflow or Wraparound

<0:5.4.16-36.el7_1
  • H
Improper Input Validation

<0:5.4.16-36.el7_1
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:5.4.16-36.el7_1
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:5.4.16-36.el7_1
  • H
Out-of-Bounds

<0:5.4.16-36.el7_1
  • H
Out-of-Bounds

<0:5.4.16-36.el7_1
  • H
Use After Free

<0:5.4.16-36.el7_1
  • H
Integer Overflow or Wraparound

<0:5.4.16-36.el7_1
  • H
Out-of-bounds Read

<0:5.4.16-23.el7_0.3
  • H
Out-of-bounds Read

<0:5.4.16-23.el7_0.3
  • H
Out-of-Bounds

<0:5.4.16-23.el7_0.3
  • H
Integer Overflow or Wraparound

<0:5.4.16-23.el7_0.3
  • M
Resource Management Errors

<0:5.4.16-23.el7_0.1
  • M
Out-of-Bounds

<0:5.4.16-23.el7_0.1
  • M
Integer Overflow or Wraparound

<0:5.4.16-23.el7_0.1
  • M
Out-of-bounds Read

<0:5.4.16-23.el7_0.1
  • M
Null Byte Interaction Error (Poison Null Byte)

<0:5.4.16-23.el7_0.1
  • M
NULL Pointer Dereference

<0:5.4.16-23.el7_0.1
  • M
Use After Free

<0:5.4.16-23.el7_0.1
  • M
Use After Free

<0:5.4.16-23.el7_0.1
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

<0:5.4.16-23.el7_0
  • M
Algorithmic Complexity

<0:5.4.16-23.el7_0
  • M
Heap-based Buffer Overflow

<0:5.4.16-23.el7_0
  • M
Numeric Errors

<0:5.4.16-23.el7_0
  • M
Algorithmic Complexity

<0:5.4.16-23.el7_0
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<0:5.4.16-23.el7_0
  • M
Improper Input Validation

<0:5.4.16-23.el7_0
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

<0:5.4.16-23.el7_0
  • M
Improper Input Validation

<0:5.4.16-23.el7_0
  • M
Out-of-Bounds

<0:5.4.16-23.el7_0
  • C
Improper Input Validation

<0:5.4.16-46.1.el7_7
  • M
NULL Pointer Dereference

*
  • M
Improper Access Control

*
  • M
Out-of-Bounds

*
  • M
Out-of-Bounds

*
  • M
Out-of-bounds Read

<0:5.4.16-48.el7
  • M
Out-of-bounds Read

*
  • M
Improper Initialization

*
  • M
Incorrect Privilege Assignment

*
  • L
Heap-based Buffer Overflow

*
  • L
Heap-based Buffer Overflow

*
  • M
Out-of-Bounds

*
  • M
Heap-based Buffer Overflow

*
  • L
Out-of-bounds Read

*
  • M
Out-of-bounds Read

*
  • M
Out-of-bounds Read

<0:5.4.16-48.el7
  • M
Out-of-bounds Read

*
  • M
Cross-site Scripting (XSS)

<0:5.4.16-48.el7
  • M
Uncontrolled Recursion

*
  • M
Use After Free

*
  • L
Buffer Overflow

*
  • M
Integer Overflow or Wraparound

*
  • L
Out-of-bounds Read

*
  • M
Out-of-bounds Read

*
  • L
Buffer Overflow

*
  • M
Improper Null Termination

*
  • M
Out-of-bounds Read

*
  • M
Integer Overflow or Wraparound

*
  • L
Heap-based Buffer Overflow

*
  • L
Heap-based Buffer Overflow

*
  • L
Heap-based Buffer Overflow

*
  • L
Out-of-bounds Read

*
  • M
Cross-site Scripting (XSS)

<0:5.4.16-48.el7
  • L
Out-of-bounds Read

*
  • M
Cross-site Scripting (XSS)

*
  • L
Out-of-bounds Read

*
  • M
NULL Pointer Dereference

*
  • L
Improper Authentication

*
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • M
Out-of-bounds Write

*
  • M
Heap-based Buffer Overflow

*
  • M
Out-of-bounds Read

*
  • M
Out-of-bounds Write

*
  • M
Out-of-bounds Read

*
  • M
Improper Input Validation

<0:5.4.16-43.el7_4.1
  • L
Server-Side Request Forgery (SSRF)

*
  • M
Use After Free

*
  • M
Missing Initialization of a Variable

*
  • L
Out-of-bounds Read

*
  • L
Out-of-bounds Read

*
  • M
Improper Input Validation

*
  • M
Out-of-Bounds

*
  • M
Improper Input Validation

*
  • L
Information Exposure

*
  • M
Incorrect Check of Function Return Value

*
  • M
Use After Free

*
  • M
Use After Free

*
  • M
Out-of-bounds Read

*
  • L
NULL Pointer Dereference

*
  • L
Improper Input Validation

*
  • M
Use After Free

*
  • M
Use After Free

*
  • M
Stack-based Buffer Overflow

*
  • M
Missing Initialization of a Variable

*
  • M
CVE-2016-7478

*
  • M
Use After Free

*
  • M
Unchecked Return Value

*
  • M
NULL Pointer Dereference

*
  • M
Out-of-bounds Read

*
  • M
Stack-based Buffer Overflow

*
  • M
Heap-based Buffer Overflow

*
  • M
Use After Free

*
  • M
Use After Free

*
  • M
NULL Pointer Dereference

*
  • M
Use After Free

<0:5.4.16-42.el7
  • M
NULL Pointer Dereference

*
  • M
Integer Overflow or Wraparound

<0:5.4.16-42.el7
  • M
Integer Overflow or Wraparound

<0:5.4.16-42.el7
  • M
NULL Pointer Dereference

*
  • M
Improper Input Validation

*
  • M
Out-of-bounds Write

*
  • M
Information Exposure

*
  • M
Out-of-bounds Write

*
  • M
Arbitrary Code Injection

*
  • M
Detection of Error Condition Without Action

<0:5.4.16-42.el7
  • M
Deserialization of Untrusted Data

*
  • M
Unchecked Error Condition

*
  • M
Incorrect Type Conversion or Cast

*
  • M
Use After Free

*
  • L
Stack-based Buffer Overflow

*
  • L
NULL Pointer Dereference

*
  • L
Out-of-bounds Read

*
  • M
Out-of-Bounds

*
  • M
Improper Input Validation

*
  • M
Integer Overflow or Wraparound

*
  • M
Use After Free

*
  • L
NULL Pointer Dereference

*
  • L
Out-of-bounds Read

*
  • M
Improper Input Validation

*
  • M
Use After Free

*
  • L
Use After Free

*
  • M
Use After Free

*
  • M
Out-of-bounds Write

*
  • L
Integer Overflow or Wraparound

*
  • L
Integer Overflow or Wraparound

*
  • L
Improper Null Termination

*
  • L
Out-of-bounds Read

*
  • L
Out-of-bounds Read

*
  • L
Out-of-bounds Read

*
  • L
Out-of-bounds Read

*
  • L
Out-of-bounds Read

*
  • L
Out-of-bounds Read

*
  • L
Heap-based Buffer Overflow

*
  • L
Heap-based Buffer Overflow

*
  • M
Improper Input Validation

*
  • L
Improper Input Validation

*
  • M
Missing Initialization of a Variable

*
  • L
Use After Free

*
  • M
Improper Initialization

*
  • M
Integer Overflow or Wraparound

*
  • M
Use of Externally-Controlled Format String

*
  • M
Integer Overflow or Wraparound

*
  • M
Out-of-bounds Write

*
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

*
  • M
Use After Free

*
  • L
Out-of-bounds Read

*
  • M
Heap-based Buffer Overflow

*
  • L
Stack-based Buffer Overflow

*
  • M
Integer Overflow or Wraparound

<0:5.4.16-43.el7_4
  • M
Improper Input Validation

<0:5.4.16-43.el7_4
  • L
Improper Input Validation

*
  • M
Off-by-one Error

*
  • M
Improper Handling of Syntactically Invalid Structure

*
  • M
NULL Pointer Dereference

*
  • M
Off-by-one Error

*
  • M
Integer Overflow or Wraparound

*
  • M
Incorrect Calculation

*
  • M
Out-of-bounds Read

*
  • L
Improper Input Validation

*
  • M
HTTP Response Splitting

*
  • L
Uncontrolled Recursion

*
  • M
Cryptographic Issues

*
  • L
Uncontrolled Recursion

*
  • L
CVE-2015-8866

*
  • L
Buffer Overflow

*
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

*
  • M
Untrusted Pointer Dereference

*
  • M
NULL Pointer Dereference

*
  • L
NULL Pointer Dereference

*
  • L
NULL Pointer Dereference

*
  • L
Use After Free

*
  • L
Use After Free

*
  • L
Access of Resource Using Incompatible Type ('Type Confusion')

*
  • M
Directory Traversal

*
  • M
CVE-2015-6832

*
  • M
Use After Free

*
  • M
Out-of-Bounds

*
  • M
Improper Input Validation

*
  • L
NULL Pointer Dereference

*
  • L
Use After Free

*
  • L
Link Following

*
  • M
Numeric Errors

*
  • L
Integer Overflow or Wraparound

*
  • M
Stack-based Buffer Overflow

*
  • L
Information Exposure

*
  • M
Directory Traversal

*
  • L
Out-of-bounds Read

*
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • L
Insecure Temporary File

*
  • M
Access Restriction Bypass

*
  • L
Insecure Temporary File

*
  • M
Resource Exhaustion

*
  • M
Improper Input Validation

*
  • M
Session Fixation

*