PHP 5.4.36
Approved changes feed: RSS · Atom
cpe:2.3:a:php:php:5.4.36:*:*:*:*:*:*:*
part: a version: 5.4.36 update: *
| Vendor | Php (9aec2613-7a27-5ce5-8ac7-140851d8da4c) |
|---|---|
| Product | Php (38640b93-5029-5cca-a025-ab7d01c98b51) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/php/php-src |
purl2cpe | 2026-06-01 10:17:42.512795 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2014-9427 |
vulnerable | 2026-06-03 14:34:26.947303 |
Details available
sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.
Published: 2015-01-03T02:00:00.000Z
Updated: 2024-08-06T13:47:41.005Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.