Debian Bug report logs -
#780713
php5: CVE-2015-2331
Package:
src:php5;
Maintainer for src:php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>;
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 18 Mar 2015 09:24:07 UTC
Severity: grave
Tags: security
Found in versions php5/5.6.6+dfsg-1, p ...
Debian Bug report logs -
#778389
php5: CVE-2015-2305: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package:
php5;
Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php5 is src:php5 (PTS, buildd, popcon)
Reported by: Luciano Bello < ...
Several security issues were fixed in PHP ...
ClamAV could be made to crash or run programs if it processed a specially
crafted file ...
A heap buffer overflow flaw was found in the regcomp() function of Henry Spencer's regular expression library. An attacker able to make an application process a specially crafted regular expression pattern with the regcomp() function could cause that application to crash and possibly execute arbitrary code ...
A use-after-free flaw was found in the way PHP's unserialize() function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize() function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code (CVE-2015-0231).
An integer overflow flaw, leading to a heap-based buffer overflow, was found ...
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow ...