ALASPHP8.0-2023-008 --- phpID: oval:org.secpod.oval:def:1701623 | Date: (C)2023-09-19 (M)2024-04-17 |
Class: PATCH | Family: unix |
Several flaws has been found in php. The pdo_firebase module does not check the length of the server version string in a response packet causing a stack buffer overflow, does not verify the data and uses the wrong type to cast length leading to a crash, and does not validate the response before calculation of the exec procedure leading to a crash. The highest threat from this vulnerability is to system availability. PHP: SSRF bypass in FILTER_VALIDATE_URL