php-pecl-rrd vulnerabilities

Known vulnerabilities in the php-pecl-rrd package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M CVE-2024-8929	<0:2.0.3-1.module+el8.10.0+90469+8883f508
M Arbitrary Code Injection	<0:2.0.3-1.module+el8.10.0+90469+8883f508
M CVE-2025-1861	<0:2.0.3-1.module+el8.10.0+90469+8883f508
M CVE-2025-1736	<0:2.0.3-1.module+el8.10.0+90469+8883f508
M Interpretation Conflict	<0:2.0.3-1.module+el8.10.0+90469+8883f508
M CVE-2025-1219	<0:2.0.3-1.module+el8.10.0+90469+8883f508
M CVE-2025-1734	<0:2.0.3-1.module+el8.10.0+90469+8883f508
M Out-of-bounds Write	<0:2.0.3-1.module+el8.10.0+90469+8883f508
M HTTP Request Smuggling	<0:2.0.1-1.module+el8.10.0+90472+f810484b
M CVE-2024-3096	<0:2.0.3-1.module+el8.10.0+90469+8883f508
M CVE-2024-2756	<0:2.0.3-1.module+el8.10.0+90469+8883f508
M CVE-2024-8927	<0:2.0.1-1.module+el8.10.0+90472+f810484b
M Insufficient Verification of Data Authenticity	<0:2.0.3-1.module+el8.10.0+90469+8883f508
M CVE-2024-9026	<0:2.0.1-1.module+el8.10.0+90472+f810484b
M Use of Password Hash With Insufficient Computational Effort	<0:2.0.1-1.module+el8.10.0+90472+f810484b
M XML External Entity (XXE) Injection	<0:2.0.1-1.module+el8.10.0+90472+f810484b
M Out-of-Bounds	<0:2.0.1-1.module+el8.10.0+90472+f810484b
H Resource Exhaustion	<0:2.0.3-1.module+el8.6.0+20568+84712317
M Use of Insufficiently Random Values	<0:2.0.1-1.module+el8.10.0+90472+f810484b
M Allocation of Resources Without Limits or Throttling	<0:2.0.1-1.module+el8.10.0+90472+f810484b
M Loop with Unreachable Exit Condition ('Infinite Loop')	<0:2.0.1-1.module+el8.3.0+7685+72d70b58
M CVE-2022-31629	<0:2.0.1-1.module+el8.3.0+7685+72d70b58
M Out-of-bounds Read	<0:2.0.1-1.module+el8.3.0+7685+72d70b58
M CVE-2022-31631	<0:2.0.1-1.module+el8.3.0+7685+72d70b58
M Integer Overflow or Wraparound	<0:2.0.1-1.module+el8.3.0+7685+72d70b58
M Link Following	<0:2.0.1-1.module+el8.3.0+7685+72d70b58
M CVE-2021-21707	<0:2.0.1-1.module+el8.3.0+7685+72d70b58
M Use After Free	<0:2.0.3-1.module+el8.6.0+20568+84712317
M CVE-2020-28949	<0:2.0.1-1.module+el8.3.0+7685+72d70b58
M Deserialization of Untrusted Data	<0:2.0.1-1.module+el8.3.0+7685+72d70b58
M Directory Traversal	<0:2.0.1-1.module+el8.3.0+7685+72d70b58
M Release of Invalid Pointer or Reference	<0:2.0.3-1.module+el8.6.0+20568+84712317
H Buffer Overflow	<0:2.0.3-1.module+el8.6.0+20568+84712317
M Out-of-bounds Write	<0:2.0.1-1.module+el8.3.0+7685+72d70b58
M Improper Input Validation	<0:2.0.1-1.module+el8.3.0+7685+72d70b58
M NULL Pointer Dereference	<0:2.0.1-1.module+el8.3.0+7685+72d70b58
M Use After Free	<0:2.0.1-1.module+el8.3.0+7685+72d70b58
M Inadequate Encryption Strength	<0:2.0.1-1.module+el8.3.0+7685+72d70b58
M Improper Input Validation	<0:2.0.1-1.module+el8.3.0+7685+72d70b58
M Reliance on Cookies without Validation and Integrity Checking	<0:2.0.1-1.module+el8.3.0+7685+72d70b58
M Out-of-bounds Read	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M Out-of-bounds Read	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M Out-of-bounds Read	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M NULL Pointer Dereference	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M Use After Free	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M Integer Overflow or Wraparound	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M Out-of-bounds Read	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M Out-of-bounds Read	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M Out-of-bounds Read	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M Uncontrolled Recursion	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M Improper Preservation of Permissions	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M CVE-2020-7066	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M NULL Pointer Dereference	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M Out-of-bounds Write	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M Out-of-bounds Read	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M Out-of-bounds Read	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M Out-of-bounds Read	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M Arbitrary Code Injection	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M Out-of-bounds Read	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M Out-of-bounds Read	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M Out-of-bounds Read	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d
M Out-of-bounds Read	<0:2.0.1-1.module+el8.2.0+5569+98c8b30d

Vulnerability

Vulnerable Version

CVE-2024-8929

<0:2.0.3-1.module+el8.10.0+90469+8883f508

Arbitrary Code Injection

<0:2.0.3-1.module+el8.10.0+90469+8883f508

CVE-2025-1861

<0:2.0.3-1.module+el8.10.0+90469+8883f508

CVE-2025-1736

<0:2.0.3-1.module+el8.10.0+90469+8883f508

Interpretation Conflict

<0:2.0.3-1.module+el8.10.0+90469+8883f508

CVE-2025-1219

<0:2.0.3-1.module+el8.10.0+90469+8883f508

CVE-2025-1734

<0:2.0.3-1.module+el8.10.0+90469+8883f508

Out-of-bounds Write

<0:2.0.3-1.module+el8.10.0+90469+8883f508

HTTP Request Smuggling

<0:2.0.1-1.module+el8.10.0+90472+f810484b

CVE-2024-3096

<0:2.0.3-1.module+el8.10.0+90469+8883f508

CVE-2024-2756

<0:2.0.3-1.module+el8.10.0+90469+8883f508

CVE-2024-8927

<0:2.0.1-1.module+el8.10.0+90472+f810484b

Insufficient Verification of Data Authenticity

<0:2.0.3-1.module+el8.10.0+90469+8883f508

CVE-2024-9026

<0:2.0.1-1.module+el8.10.0+90472+f810484b

Use of Password Hash With Insufficient Computational Effort

<0:2.0.1-1.module+el8.10.0+90472+f810484b

XML External Entity (XXE) Injection

<0:2.0.1-1.module+el8.10.0+90472+f810484b

Out-of-Bounds

<0:2.0.1-1.module+el8.10.0+90472+f810484b

Resource Exhaustion

<0:2.0.3-1.module+el8.6.0+20568+84712317

Use of Insufficiently Random Values

<0:2.0.1-1.module+el8.10.0+90472+f810484b

Allocation of Resources Without Limits or Throttling

<0:2.0.1-1.module+el8.10.0+90472+f810484b

Loop with Unreachable Exit Condition ('Infinite Loop')

<0:2.0.1-1.module+el8.3.0+7685+72d70b58

CVE-2022-31629

<0:2.0.1-1.module+el8.3.0+7685+72d70b58

Out-of-bounds Read

<0:2.0.1-1.module+el8.3.0+7685+72d70b58

CVE-2022-31631

<0:2.0.1-1.module+el8.3.0+7685+72d70b58

Integer Overflow or Wraparound

<0:2.0.1-1.module+el8.3.0+7685+72d70b58

Link Following

<0:2.0.1-1.module+el8.3.0+7685+72d70b58

CVE-2021-21707

<0:2.0.1-1.module+el8.3.0+7685+72d70b58

Use After Free

<0:2.0.3-1.module+el8.6.0+20568+84712317

CVE-2020-28949

<0:2.0.1-1.module+el8.3.0+7685+72d70b58

Deserialization of Untrusted Data

<0:2.0.1-1.module+el8.3.0+7685+72d70b58

Directory Traversal

<0:2.0.1-1.module+el8.3.0+7685+72d70b58

Release of Invalid Pointer or Reference

<0:2.0.3-1.module+el8.6.0+20568+84712317

Buffer Overflow

<0:2.0.3-1.module+el8.6.0+20568+84712317

Out-of-bounds Write

<0:2.0.1-1.module+el8.3.0+7685+72d70b58

Improper Input Validation

<0:2.0.1-1.module+el8.3.0+7685+72d70b58

NULL Pointer Dereference

<0:2.0.1-1.module+el8.3.0+7685+72d70b58

Use After Free

<0:2.0.1-1.module+el8.3.0+7685+72d70b58

Inadequate Encryption Strength

<0:2.0.1-1.module+el8.3.0+7685+72d70b58

Improper Input Validation

<0:2.0.1-1.module+el8.3.0+7685+72d70b58

Reliance on Cookies without Validation and Integrity Checking

<0:2.0.1-1.module+el8.3.0+7685+72d70b58

Out-of-bounds Read