Showing 1-50 of 2112
| ID# | Date | Last Modified | Package | Type | Status | PHP Version | OS | Summary | Assigned |
|---|---|---|---|---|---|---|---|---|---|
| 70743 | 2015-10-19 20:10 UTC | 2015-12-31 23:41 UTC | hash related | Sec Bug | Closed | 7.0.0RC5 | any | password_hash() and crypt() should not use php_rand() to generate salts | stas |
| 71020 | 2015-12-03 22:09 UTC | 2015-12-22 17:13 UTC | intl | Sec Bug | Closed | 7.0.0 | * | Use after free in Collator::sortWithSortKeys | laruence |
| 71270 | 2016-01-03 23:26 UTC | 2016-01-21 11:46 UTC | Scripting Engine problem | Sec Bug | Closed | 7.0.1 | | Heap BufferOver Flow in escapeshell functions | ab |
| 71408 | 2016-01-18 15:17 UTC | 2016-02-01 06:21 UTC | PCRE related | Sec Bug | Closed | 7.0.2 | Ubuntu 15.10 x64 (4.2.0-18) | Stack corruption via crafted pattern in preg_match | stas |
| 71475 | 2016-01-28 09:42 UTC | 2016-02-04 16:33 UTC | OpenSSL related | Sec Bug | Closed | 7.0.3RC1 | | openssl_seal() uninitialized memory usage | stas |
| 71585 | 2016-02-13 18:49 UTC | 2016-02-28 04:22 UTC | Unknown/Other Function | Sec Bug | No Feedback | 7.0.3 | Windows 10 | php-win.exe deleted by Norton Security | |
| 71610 | 2016-02-16 17:14 UTC | 2016-03-17 04:49 UTC | SOAP related | Sec Bug | Closed | 7.0.3 | Linux | Type Confusion Vulnerability - SOAP / make_http_soap_request() | stas |
| 71637 | 2016-02-20 12:21 UTC | 2016-04-28 17:02 UTC | *General Issues | Sec Bug | Closed | 7.0.3 | | Multiple Heap Overflow due to integer overflows \| xml/filter_url/addcslashes | stas |
| 71719 | 2016-03-05 20:48 UTC | 2016-10-05 06:29 UTC | HTTP related | Sec Bug | Closed | 7.0.4 | Linux | Buffer overflow in HTTP url parsing functions | mike |
| 71923 | 2016-03-29 23:45 UTC | 2016-04-27 06:34 UTC | Zip Related | Sec Bug | Closed | 7.0.5RC1 | | integer overflow in ZipArchive::getFrom* | stas |
| 72512 | 2016-06-29 04:03 UTC | 2016-07-25 09:52 UTC | GD related | Sec Bug | Closed | 7.0.8 | * | gdImageTrueColorToPaletteBody allows arbitrary write/read access | pajoye |
| 72519 | 2016-06-30 04:10 UTC | 2016-07-19 07:45 UTC | GD related | Sec Bug | Closed | 7.0.8 | * | imagegif/output out-of-bounds access | stas |
| 72533 | 2016-07-03 04:03 UTC | 2016-07-25 15:19 UTC | intl | Sec Bug | Closed | 7.0.8 | * | locale_accept_from_http out-of-bounds access | stas |
| 72535 | 2016-07-03 05:55 UTC | 2017-10-27 18:05 UTC | mcrypt related | Sec Bug | Closed | 7.0.8 | * | arcfour encryption stream filter crashes php | derick |
| 72541 | 2016-07-04 07:42 UTC | 2016-08-01 02:43 UTC | cURL related | Sec Bug | Closed | 7.0.8 | ALL | size_t overflow lead to heap corruption | stas |
| 72551 | 2016-07-06 07:56 UTC | 2016-08-01 02:46 UTC | mcrypt related | Sec Bug | Closed | 7.0.8 | ALL | In correct casting from size_t to int lead to heap overflow in mcrypt_generic | stas |
| 72552 | 2016-07-06 07:59 UTC | 2016-08-01 02:46 UTC | mcrypt related | Sec Bug | Closed | 7.0.8 | ALL | In correct casting from size_t to int lead to heap overflow in mdecrypt_generic | stas |
| 72573 | 2016-07-11 00:27 UTC | 2016-07-29 02:49 UTC | CGI/CLI related | Sec Bug | Closed | 7.0.9RC1 | any | HTTP_PROXY is improperly trusted by some PHP libraries and applications | stas |
| 72742 | 2016-08-03 06:20 UTC | 2016-09-05 15:29 UTC | Filesystem function related | Sec Bug | Closed | 7.0.9 | * | memory allocator fails to realloc small block to large one | stas |
| 72978 | 2016-08-30 15:56 UTC | 2016-12-13 11:52 UTC | *General Issues | Sec Bug | Closed | 7.0.10 | | Use After Free in PHP7 unserialize() | stas |
| 73003 | 2016-09-02 12:52 UTC | 2016-09-29 07:33 UTC | GD related | Sec Bug | Closed | 7.0.11 | Ubuntu | Integer Overflow in gdImageWebpCtx of gd_webp.c | cmb |
| 73091 | 2016-09-15 15:20 UTC | 2016-10-11 23:51 UTC | *General Issues | Sec Bug | Closed | 7.0.11 | | Unserializing DateInterval object may lead to __toString invocation | stas |
| 73136 | 2016-09-21 07:53 UTC | 2016-10-12 00:01 UTC | mbstring related | Sec Bug | Closed | 7.0.11 | ALL | NULL pointer dereference in mb_parse_str | stas |
| 73257 | 2016-10-06 13:07 UTC | 2016-12-30 09:05 UTC | SPL related | Sec Bug | Closed | 7.0.11 | | pointer to uninitialized memory passed to unserialize | stas |
| 73258 | 2016-10-06 13:39 UTC | 2016-10-13 10:37 UTC | SPL related | Sec Bug | Closed | 7.0.11 | | SplObjectStorage unserialize allows use of non-object as key | stas |
| 73295 | 2016-10-11 16:48 UTC | 2016-11-14 11:37 UTC | Strings related | Sec Bug | Closed | 7.0.11 | | Invalid memory access in php_basename function | stas |
| 73296 | 2016-10-11 17:03 UTC | 2016-11-14 11:40 UTC | SPL_Types | Sec Bug | Closed | 7.0.11 | | Invalid memory access in spl_filesystem_info_set_filename function | stas |
| 73316 | 2016-10-13 14:14 UTC | 2016-11-14 11:41 UTC | SPL related | Sec Bug | Closed | 7.0.11 | | Invalid memory access in spl_filesystem_dir_open function | stas |
| 73342 | 2016-10-18 20:02 UTC | 2019-07-18 13:06 UTC | FPM related | Sec Bug | Closed | 7.0Git-2016-10-18 (Git) | Ubuntu 16.04 | Vulnerability in php-fpm by changing stdin to non-blocking | bukka |
| 73371 | 2016-10-22 09:58 UTC | 2016-11-14 11:44 UTC | intl | Sec Bug | Closed | 7.0.13 | | crash in locale_get_keywords function | stas |
| 73376 | 2016-10-23 09:09 UTC | 2016-11-14 11:45 UTC | intl | Sec Bug | Closed | 7.0.13 | | crash in locale_get_keywords() when keyword value in locale string too long | stas |
| 73452 | 2016-11-03 11:41 UTC | 2016-12-10 17:21 UTC | SOAP related | Sec Bug | Closed | 7.0.12 | | Segfault (Regression for #69152) | ab |
| 73761 | 2016-12-16 15:48 UTC | 2016-12-19 15:35 UTC | Strings related | Sec Bug | Not a bug | 7.0.14 | windows | Integer overflow in str_repeat() | |
| 73831 | 2016-12-29 14:55 UTC | 2017-02-09 10:45 UTC | WDDX related | Sec Bug | Closed | 7.0.14 | ALL | NULL Pointer Dereference while unserialize php object | stas |
| 73832 | 2016-12-29 15:03 UTC | 2017-01-20 19:18 UTC | *General Issues | Sec Bug | Closed | 7.0.14 | Arch Linux | Use of uninitialized memory in unserialize() | stas |
| 74614 | 2017-05-18 15:22 UTC | 2017-07-04 19:33 UTC | *General Issues | Sec Bug | Closed | 7.0.20 | * | Use-after-free in PHP7's unserialize() | stas |
| 74651 | 2017-05-25 10:00 UTC | 2018-01-15 12:18 UTC | OpenSSL related | Sec Bug | Closed | 7.0.21 | * | negative-size-param (-1) in memcpy in zif_openssl_seal() | stas |
| 74704 | 2017-06-07 13:24 UTC | 2017-10-15 22:40 UTC | GD related | Sec Bug | Not a bug | 7.0.19 | Linux | PNG PLTE Chunk ability to inject malicious code | |
| 75457 | 2017-10-30 03:52 UTC | 2019-08-26 02:44 UTC | PCRE related | Sec Bug | Closed | 7.0.25 | Linux | heap-use-after-free in php7.0.25 | stas |
| 76249 | 2018-04-22 15:18 UTC | 2018-04-29 20:47 UTC | Streams related | Sec Bug | Closed | 7.0.29 | ubuntu/xenial x64 | stream filter convert.iconv leads to infinite loop on invalid sequence | stas |
| 76428 | 2018-06-08 01:03 UTC | 2018-11-20 19:37 UTC | IMAP related | Sec Bug | Duplicate | 7.0.30 | Debian Linux | Command execution through imap_open | |
| 77231 | 2018-12-03 10:00 UTC | 2018-12-03 23:52 UTC | Filesystem function related | Sec Bug | Closed | 7.0.33 | linux | Segfault when using convert.quoted-printable-encode filter | stas |
| 17400 | 2002-05-23 20:29 UTC | 2017-11-27 15:20 UTC | *General Issues | Req | Closed | 7.0 | | getting ip for eth0 | pollita |
| 24337 | 2003-06-25 11:59 UTC | 2022-04-07 15:03 UTC | *General Issues | Req | Closed | 7.0 | all | additional configure --with-avail, and fix --enable-all | ilutov |
| 27022 | 2004-01-23 12:47 UTC | 2015-12-23 19:55 UTC | Scripting Engine problem | Req | Closed | 7.0 | * | Class constant has no visibility modificator | seander |
| 38685 | 2006-09-01 22:46 UTC | 2020-04-01 16:01 UTC | Strings related | Req | Suspended | 7.0 | any | ER: Allow str_replace with string subject, array replace | |
| 41243 | 2007-04-30 16:05 UTC | 2015-08-02 22:30 UTC | Zip Related | Req | Closed | 7.0.0 | * | Ability to store uncompressed files | pajoye |
| 41245 | 2007-04-30 19:33 UTC | 2014-12-30 21:10 UTC | *General Issues | Req | Open | 7.0 | Any | Ability to set handler for "memory limit exceeded" | |
| 41409 | 2007-05-16 12:18 UTC | 2015-02-08 10:22 UTC | *General Issues | Req | Closed | 7.0 | Irrelevant | PHP does not process hexadecimal strings in a consistent manner. | nikic |
| 54033 | 2011-02-17 00:44 UTC | 2017-10-24 08:14 UTC | Scripting Engine problem | Req | Open | 7.0 | | add get_error_handler and get_exception handler | |
Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Wed Jul 16 18:01:31 2025 UTC