CLSA-2020-1605798462
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2020-1605798462.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CLSA-2020-1605798462
- Upstream
- Published
- 2020-10-15T12:00:00Z
- Modified
- 2026-05-27T11:35:14.745742838Z
- Summary
- Fix of 227 CVE
- Details
-
- Fix bug #69720: Null pointer dereference in phargetfp_offset()
- Fix bug #70728: Type Confusion Vulnerability in PHPtoXMLRPC_worker()
- Fix bug #70661: Use After Free Vulnerability in WDDX Packet Deserialization
- Fix bug #70741: Session WDDX Packet Deserialization Type Confusion Vulnerability
- Fix bug #71459: Integer overflow in iptcembed()
- Fix bug #71039: exec functions ignore length but look for NULL termination
- Fix bug #71354: Heap corruption in tar/zip/phar parser.
- Fix bug #71391: NULL Pointer Dereference in phartarsetupmetadata()
- Fix bug #71323: Output of streamgetmeta_data can be falsified by its input
- Fix bug #71498: Out-of-Bound Read in pharparsezipfile()
- Fix bug #71587: Use-After-Free / Double-Free in WDDX Deserialize
- Fix bug #71860: Invalid memory write in phar on filename with \0 in name
- Fix bug #71798: Integer Overflow in phprawurl_encode
- Fix bug #72837: integer overflow in bzdecompress caused heap corruption
- Fix bug #72681: PHP Session Data Injection Vulnerability
- Fix bug #72807: integer overflow in curl_escape caused heap corruption
- Fix bug #72838: Integer overflow lead to heap corruption in sql_regcase
- Fix bug #72697: select_colors write out-of-bounds
- Fix bug #72730: imagegammacorrect allows arbitrary write access
- Fix bug #72836: integer overflow in base64_decode caused heap corruption
- Fix bug #72848: integer overflow in quotedprintableencode caused heap corruption
- Fix bug #72849: integer overflow in urlencode caused heap corruption
- Fix bug #72850: integer overflow in php_uuencode caused heap corruption
- Fix bug #72771: ftps:// wrapper is vulnerable to protocol downgrade attack
- Fix bug #72749: wddx_deserialize allows illegal memory access
- Fix bug #72750: wddx_deserialize null dereference
- Fix bug #72790: wddx_deserialize null dereference with invalid xml
- Fix bug #72799: wddxdeserialize null dereference in phpwddxpopelement
- Fix bug #73189: Memcpy negative size parameter phpresolvepath
- Fix bug #73150: missing NULL check in domdocumentsave_html
- Fix bug #73284: heap overflow in phperegreplace function
- Fix bug #73218: stack-buffer-overflow through "ResourceBundle" methods
- Fix bug #73208: integer overflow in imap_8bit caused heap corruption
- Fix bug #73082: string length overflow in mbencode* function
- Fix bug #73174: heap overflow in phppcrereplace_impl
- Fix bug #73276: crash in opensslrandompseudo_bytes function
- Fix bug #73275: crash in openssl_encrypt function
- Fix bug #73017: memory corruption in wordwrap function
- Fix bug #73240: Write out of bounds at number_format
- Fix bug #73073: CachingIterator null dereference when convert to string
- Fix bug #73293: NULL pointer dereference in SimpleXMLElement::asXML()
- Fix bug #73356: crash in bzcompress function
- Fix bug #72696: imagefilltoborder stackoverflow on truecolor images
- Fix bug #73418: Integer Overflow in "phpimap_mail" leads Heap Overflow
- Fix bug #73144: Use-after-free in ArrayObject Deserialization
- Fix bug #73192: parse_url return wrong hostname
- Fix bug #73331: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow
- Fix bug #73452: Segfault (Regression for #69152)
- Fix bug #73631: Invalid read when wddx decodes empty boolean element
- Fix bug #67587: Redirection loop on nginx with FPM
- Fix bug #71465: PHAR doesn't know about litespeed
- Fix bug #73737: FPE when parsing a tag format
- Fix bug #73868: Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
- Fix bug #73869: Signed Integer Overflow gd_io.c
- Fix bug #73773: Seg fault when loading hostile phar
- Fix bug #70436: Use After Free Vulnerability in unserialize()
- Fix bug #74603: PHP INI Parsing Stack Buffer Overflow Vulnerability
- Fix bug #72535: arcfour encryption stream filter crashes php
- Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unseria
- Fix bug #72455: Heap Overflow due to integer overflows
- Fix bug #74782: Reflected XSS in .phar 404 page
- Fix bug #71335: Type Confusion in WDDX Packet Deserialization
- Fix bug #76130: Heap Buffer Overflow (READ: 1786) in exifiifadd_value
- Fix bug #76249: stream filter convert.iconv leads to infinite loop on invalid sequence
- Fix bug #76248: Malicious LDAP-Server Response causes Crash
- Fix bug #76129: fix for CVE-2018-5712 may not be complete
- Fix bug #75981: stack-buffer-overflow while parsing HTTP response
- Fix bug #74385: Locale::parseLocale() broken with some arguments
- Fix bug #76335: "link(): Bad file descriptor" with non-ASCII path
- Fix bug #76383: arraymap on $GLOBALS returns ISINDIRECT
- Fix bug #73342: Vulnerability in php-fpm by changing stdin to non-blocking
- Fix bug #76505: arraymergerecursive() is duplicating sub-array keys
- Fix bug #76532: Integer overflow and excessive memory usage in mb_strimwidth
- Fix bug #76548: pgfetchresult did not fetch the next row
- Fix bug #76488: Memory leak when fetching a BLOB field
- Fix bug #76665: SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle
- Fix bug #75402: Possible Memory Leak using PDO::CURSOR_SCROLL option
- Fix bug #76517: --with-gettext= causes configure to misjudges there is no getcwd
- Fix bug #72443: Installing shared extensions: cp: cannot stat 'modules/*': No such file or dire
- Fix bug #68175: RegexIterator pregFlags are NULL instead of 0
- Fix bug #55146: iconvmimedecode_headers() skips some headers
- Fix bug #63839: iconvmimedecode_headers function is skipping headers
- Fix bug #60494: iconvmimedecode does ignore special characters
- Fix bug #68180: iconvmimedecode can return extra characters in a header
- Fix bug #73457: Wrong error message when fopen FTP wrapped fails to open data connection
- Fix bug #74454: Wrong exception being thrown when using ReflectionMethod
- Fix bug #74764: Bindto IPv6 works with filegetcontents but fails with streamsocketclient
- Fix bug #75273: phpzlibinflatefilter() may not update bytesconsumed
- Fix bug #75696: posix_getgrnam fails to print details of group
- Fix bug #76480: Use curlmultiwait() so that timeouts are respected
- Fix bug #76800: foreach inconsistent if array modified during loop
- Fix bug #76886: Can't build xmlrpc with expat
- Fix bug #76901: method_exists on SPL iterator passthrough method corrupts memory
- Fix bug #77242: heap out of bounds read in xmlrpc_decode()
- Fix bug #77247: heap buffer overflow in phardetectpharfnameext
- Fix bug #77270: imagecolormatch Out Of Bounds Write on Heap
- Fix bug #77370: Buffer overflow on mb regex functions - fetch_token
- Fix bug #77380: Global out of bounds read in xmlrpc base64 code
- Fix bug #77630: rename() across the device may allow unwanted access during processing
- Fix bug #77494: Disabling class causes segfault on member access
- Fix bug #77431: openFile() silently truncates after a null byte
- Fix bug #51068: DirectoryIterator glob:// don't support current path relative queries
- Fix bug #77396: Null Pointer Dereference in pharcreateorparsefilename
- Fix bug #77540: Invalid Read on exifprocessSOFn
- Fix bug #77390: feof might hang on TLS streams in case of fragmented TLS records
- Fix bug #77586: phartarwriteheaders_int() buffer overflow
- Fix bug #77546: iptcembed broken function
- Fix bug #77563: Uninitialized read in exifprocessIFDinMAKERNOTE
- Fix bug #76557: heap-buffer-overflow (READ of size 48) while reading exif data
- Fix bug #77024: SplFileObject::__toString() may return array
- Fix bug #77945: Segmentation fault when constructing SoapClient with WSDLCACHEBOTH
- Fix bug #77697: Crash on Big_Endian platform
- Fix bug #77943: imageantialias($image, false); does not work
- Fix bug #77944: Wrong meta pdo_type for bigint on LLP64
- Fix bug #76717: varexport() does not create a parsable value for PHPINT_MIN
- Fix bug #77921: static.php.net doesn't work anymore
- Fix bug #77934: php-fpm kill -USR2 not working
- Fix bug #77700: Writing truecolor images as GIF ignores interlace flag
- Fix bug #77765: FTP stream wrapper should set the directory as executable
- Fix bug #50020: DateInterval:createDateFromString() silently fails
- Fix bug #77742: bcpow() implementation related to gcc compiler optimization
- Fix bug #77967: Bypassing open_basedir restrictions via file uris
- Fix bug #77973: Uninitialized read in gdImageCreateFromXbm
- Fix bug #77988: heap-buffer-overflow on phpjpgget16
- Fix bug #78192: SegFault when reuse statement after schema has changed
- Fix bug #77124: FTP with SSL memory leak
- Fix bug #78256: heap-buffer-overflow on exifprocessuser_comment
- Fix bug #78222: heap-buffer-overflow on exifscanthumbnail
- Fix bug #77946: Bad cURL resources returned by curlmultiinfo_read()
- Fix bug #78333: Exif crash (bus error) due to wrong alignment and invalid cast
- Fix bug #69100: Bus error from streamcopyto_stream (file -> SSL stream) with invalid length
- Fix bug #76342: filegetcontents waits twice specified timeout
- Fix bug #76859: streamgetline skips data if used with data-generating filter
- Fix bug #78579: mbdecodenumericentity: args number inconsistency
- Fix bug #78910: Heap-buffer-overflow READ in exif
- Fix bug #78878: Buffer underflow in bcshiftaddsub
- Fix bug #78793: Use-after-free in exif parsing under memory sanitizer
- Fix bug #78863: DirectoryIterator class silently truncates after a null byte
- Fix bug #79099: OOB read in phpstriptags_ex
- Fix bug #79082: Files added to tar with Phar::buildFromIterator have all-access permissions
- Fix bug #79329: get_headers() silently truncates after a null byte
- Fix bug #79282: Use-of-uninitialized-value in exif
- Fix bug #61597: SimpleXMLElement doesn't include both @attributes and textContent in properties
- Fix bug #74940: DateTimeZone loose comparison always true until properties are initialized.
- Fix bug #79296: ZipArchive::open fails on empty file (libzip 1.6.0)
- Fix bug #79330: shell_exec() silently truncates after a null byte
- Fix bug #79364: When copy empty array, next key is unspecified.
- Fix bug #79396: DateTime hour incorrect during DST jump forward using setTime
- Fix bug #79410: system() swallows last chunk if it is exactly 4095 bytes without newline
- Fix bug #79424: phpzipglob uses gl_pathc after call to globfree
- Fix bug #79465: OOB Read in urldecode() (CVE-2020-7067)
- Fix bug #78221: DOMNode::normalize() doesn't remove empty text nodes
- Fix bug #78875: Long filenames cause OOM and temp files are not cleaned (CVE-2019-11048)
- Fix bug #78876: Long variables in multipart/form-data cause OOM and temp files are not cleaned (CVE-2019-11048)
- Fix bug #79514: Memory leaks while including unexistent file
- Fix bug #79528: Different object of the same xml between 7.4.5 and 7.4.4
- Fix bug #62890: defaultsockettimeout=-1 causes connection to timeout
- Fix bug #70362: Can't copy() large 'data://' with open_basedir
- Fix bug #73527: Invalid memory access in phpfilterstrip
- Fix bug #74267: segfault with streams and invalid data
- Fix bug #79787: mb_strimwidth does not trim string
- Fix bug #79877: getimagesize function silently truncates after a null byte
- Fix bug #68447: grapheme_extract take an extra trailing character
- Fix bug #68825: Inconsistent exception in DirectoryIterator::getLinkTarget()
- Fix bug #74145: wddx parsing empty boolean tag leads to SIGSEGV (CVE-2017-11143)
- Fix bug #74651: negative-size-param (-1) in memcpy in zifopensslseal() (CVE-2017-11144)
- Fix bug #74435: Buffer over-read into uninitialized memory (CVE-2017-7890)
- Fix bug #73093: Unserialize Exception object can lead to infinite loop (CVE-2016-7478)
- Fix bug #72520: Stack-based buffer overflow vulnerability in phpstreamzip_opener (CVE-2016-6297)
- Fix bug #73825: Heap out of bounds read on unserialize in finishnesteddata() (CVE-2016-10161)
- Fix bug #60491: Session module is adoptive (CVE-2011-4718)
- Fix bug #69253: ZIP Integer Overflow leads to writing past heap boundary (CVE-2015-2331)
- Fix bug #69418: CVE-2006-7243 fix regressions in 5.4+ (CVE-2015-4025)
- Fix bug #68598: pcntl_exec() should not allow null char (CVE-2015-4026)
- Fix bug #69207: moveuploadedfile allows nulls in path (CVE-2015-2348)
- Fix bug #69218: potential remote code execution with apache 2.4 apache2handler (CVE-2015-3330)
- Fix bug #69719: Incorrect handling of paths with NULs, related to bug 69353 (CVE-2015-4598)
- Fix bug #69353: Missing null byte checks for paths in various PHP extensions (CVE-2015-3411)
- Fix bugs #70168, #70169, #70166, #70155: Use After Free Vulnerability in unserialize() with SplObjectStorage, SplDoublyLinkedList, SPLArrayObject, SPLArrayObject (CVE-2015-6831)
- Fix bug #70019: Files extracted from archive may be placed outside of destination directory (CVE-2015-6833)
- Fix bug #70388: SOAP serializefunctioncall() type confusion / RCE (CVE-2015-6836)
- Fix bug #69782: NULL pointer dereference (CVE-2015-6837, CVE-2015-6838)
- Fix bug #70433: Uninitialized pointer in pharmakedirstream when zip entry filename is "/" (CVE-2015-7804)
- Fix bug #69923: Buffer overflow and stack smashing error in pharfixfilepath (CVE-2015-5590)
- Fix bug #71488: Stack overflow when decompressing tar archives (CVE-2016-2554)
- Fix bug #72061: Out-of-bounds reads in zifgraphemestripos with negative offset (CVE-2016-4541, CVE-2016-4540)
- Fix bug #72094: Out of bounds heap read access in exif header processing (CVE-2016-4542)
- Fix bug #72093: bcpowmod accepts negative scale and corrupts one definition (CVE-2016-4537)
- Fix bug #71331: Uninitialized pointer in pharmakedirstream() (CVE-2016-4343)
- Fix bug #72241: geticuvalue_internal out-of-bounds read (CVE-2016-5093)
- Fix bug #72135: Integer Overflow in phphtmlentities() (CVE-2016-5094)
- Fix bug #72114: Integer underflow / arbitrary null write in fread/gzread (CVE-2016-5096)
- Fix bug #72339: Integer Overflow in _gd2GetHeader() resulting in heap overflow (CVE-2016-5766)
- Fix bug #72340: Double Free Courruption in wddx_deserialize (CVE-2016-5772)
- Fix bug #72613: Inadequate error handling in bzread() (CVE-2016-5399)
- Fix bug #70480: phpurlparse_ex() buffer overflow read (CVE-2016-6288)
- Fix bug #72513: Stack-based buffer overflow vulnerability in virtualfileex (CVE-2016-6289)
- Fix bug #72562: Use After Free in unserialize() with Unexpected Session Deserialization (CVE-2016-6290)
- Fix bug #72603: Out of bound read in exifprocessIFDinMAKERNOTE (CVE-2016-6291)
- Fix bug #72533: localeacceptfrom_http out-of-bounds access (CVE-2016-6294)
- Fix bug #69975: PHP segfaults when accessing nvarchar(max) defined columns (CVE-2015-8879)
- Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c (CVE-2016-6296)
- Fix bug #72293: Heap overflow in mysqlnd related to BIT fields (CVE-2016-7412)
- Fix bug #72860: wddx_deserialize use-after-free (CVE-2016-7413)
- Fix bug #72928: Out of bound when verify signature of zip phar in pharparsezipfile (CVE-2016-7414)
- Fix bug #73007: SEH buffer overflow msgfmtformatmessage (CVE-2016-7416)
- Fix bug #73029: Missing type check when unserializing SplArray (CVE-2016-7417)
- Fix bug #73065: Out-Of-Bounds Read in phpwddxpush_element of wddx.c (CVE-2016-7418)
- Fix bug #73280: Stack Buffer Overflow in GD dynamicGetbuf (CVE-2016-8670)
- Fix bug #73764: Crash while loading hostile phar archive (CVE-2016-10159)
- Fix bug #73768: Memory corruption when loading hostile phar (CVE-2016-10160)
- Fix bug #72627: Memory Leakage In exifprocessIFDinTIFF (CVE-2016-7128)
- Fix bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories (CVE-2014-9767)
- Fix bug #70081: SoapClient info leak / null pointer dereference via multiple type confusions (CVE-2015-8835)
- Fix bug #70121: unserialize() could lead to unexpected methods execution / NULL pointer deref (CVE-2015-8876)
- Fix bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut (CVE-2016-4073)
- Fix bug #70014: opensslrandompseudo_bytes() is not cryptographically secure (CVE-2015-8867)
- Fix bug #77371: heap buffer overflow in mb regex functions - compilestringnode (CVE-2019-9023)
- Fix bug #77381: heap buffer overflow in multibyte match_at (CVE-2019-9023)
- Fix bug #77382: heap buffer overflow due to incorrect length in expandcasefold_string (CVE-2019-9023)
- Fix bug #77385: buffer overflow in fetch_token (CVE-2019-9023)
- Fix bug #77394: Buffer overflow in multibyte case folding - unicode (CVE-2019-9023)
- Fix vulnerabilities with oniguruma: CVE-2017-9226, CVE-2017-9224, CVE-2017-9227, CVE-2017-9228, CVE-2019-13224
- Fix general vulneravilities: CVE-2014-9653, CVE-2015-0235, CVE-2015-3152, CVE-2016-3074
- Fix bug #79699: PHP parses encoded cookie names so malicious
__Host-cookies can be sent (CVE-2020-7070) - Fix bug #80007: Potential type confusion in unixtojd() parameter parsing
- References