GCVE - cpe:2.3:a:php:php:5.2.4:*:windows:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:php:php:5.2.4:*:windows:*:*:*:*:*

part: a version: 5.2.4 update: *

Vendor	Php (`9aec2613-7a27-5ce5-8ac7-140851d8da4c`)
Product	Php (`38640b93-5029-5cca-a025-ab7d01c98b51`)
Edition	windows
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/php/php-src`	purl2cpe	2026-06-01 10:17:42.460592

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-1470`	vulnerable	2026-06-03 14:31:01.547703	Details available The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function. Published: 2011-03-20T01:00:00.000Z Updated: 2024-08-06T22:28:41.493Z Open on db.gcve.eu Reference links http://www.mandriva.com/security/advisories?name=MDVSA-2011:053 http://www.php.net/ChangeLog-5.php http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:052 http://www.vupen.com/english/advisories/2011/0744	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-1469`	vulnerable	2026-06-03 14:31:01.545015	Details available Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper. Published: 2011-03-20T01:00:00.000Z Updated: 2024-08-06T22:28:41.600Z Open on db.gcve.eu Reference links http://www.mandriva.com/security/advisories?name=MDVSA-2011:053 http://www.php.net/ChangeLog-5.php http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://www.securityfocus.com/bid/46970 http://www.redhat.com/support/errata/RHSA-2011-1423.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-1468`	vulnerable	2026-06-03 14:31:01.542244	Details available Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function. Published: 2011-03-20T01:00:00.000Z Updated: 2024-08-06T22:28:41.435Z Open on db.gcve.eu Reference links http://www.mandriva.com/security/advisories?name=MDVSA-2011:053 http://www.php.net/ChangeLog-5.php http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://bugs.php.net/bug.php?id=54060 http://www.redhat.com/support/errata/RHSA-2011-1423.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-1467`	vulnerable	2026-06-03 14:31:01.538878	Details available Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409. Published: 2011-03-20T01:00:00.000Z Updated: 2024-08-06T22:28:41.353Z Open on db.gcve.eu Reference links http://bugs.php.net/bug.php?id=53512 http://www.mandriva.com/security/advisories?name=MDVSA-2011:053 http://www.php.net/ChangeLog-5.php http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:052	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-1466`	vulnerable	2026-06-03 14:31:01.536098	Details available Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function. Published: 2011-03-20T01:00:00.000Z Updated: 2024-08-06T22:28:41.750Z Open on db.gcve.eu Reference links http://bugs.php.net/bug.php?id=53574 http://www.securityfocus.com/bid/46967 http://www.mandriva.com/security/advisories?name=MDVSA-2011:053 http://www.debian.org/security/2011/dsa-2266 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-1464`	vulnerable	2026-06-03 14:31:01.532944	Details available Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument. Published: 2011-03-20T01:00:00.000Z Updated: 2024-08-06T22:28:41.468Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://www.mandriva.com/security/advisories?name=MDVSA-2011:053 http://www.php.net/releases/5_3_6.php http://www.php.net/ChangeLog-5.php http://www.php.net/archive/2011.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-1092`	vulnerable	2026-06-03 14:30:58.576873	Details available Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function. Published: 2011-03-15T17:00:00.000Z Updated: 2024-08-06T22:14:27.679Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=683183 http://securityreason.com/securityalert/8130 http://marc.info/?l=bugtraq&m=133469208622507&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/65988 http://www.securityfocus.com/bid/46786	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-0755`	vulnerable	2026-06-03 14:30:51.460463	Details available Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax. Published: 2011-02-02T21:00:00.000Z Updated: 2024-08-06T22:05:53.567Z Open on db.gcve.eu Reference links http://bugs.php.net/46587 http://www.php.net/ChangeLog-5.php https://exchange.xforce.ibmcloud.com/vulnerabilities/65426 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12589	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-0708`	vulnerable	2026-06-03 14:30:50.683056	Details available exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read. Published: 2011-03-20T01:00:00.000Z Updated: 2024-08-06T21:58:26.128Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html http://www.vupen.com/english/advisories/2011/0764 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html http://www.exploit-db.com/exploits/16261/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-0421`	vulnerable	2026-06-03 14:30:48.891613	Details available The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation. Published: 2011-03-20T01:00:00.000Z Updated: 2024-08-06T21:51:09.075Z Open on db.gcve.eu Reference links http://www.mandriva.com/security/advisories?name=MDVSA-2011:099 http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html http://www.vupen.com/english/advisories/2011/0764	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-4699`	vulnerable	2026-06-03 14:30:43.419799	Details available The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set. Published: 2011-01-18T19:00:00.000Z Updated: 2024-08-07T03:55:34.470Z Open on db.gcve.eu Reference links http://coding.derkeiler.com/Archive/PHP/php.general/2007-04/msg00605.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12393 http://www.php.net/ChangeLog-5.php http://bugs.php.net/52941 https://exchange.xforce.ibmcloud.com/vulnerabilities/64963	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-4418`	vulnerable	2026-06-03 14:29:57.711459	Details available The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences. Published: 2009-12-24T17:00:00.000Z Updated: 2024-09-17T02:36:19.215Z Open on db.gcve.eu Reference links http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf http://www.suspekt.org/2009/11/28/shocking-news-in-php-exploitation/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1272`	vulnerable	2026-06-03 14:29:28.974230	Details available The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction. Published: 2009-04-08T18:00:00.000Z Updated: 2024-08-07T05:04:49.576Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2009/04/09/1 http://www.openwall.com/lists/oss-security/2009/04/01/9 http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://www.php.net/releases/5_2_9.php http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?r1=1.1.2.48&r2=1.1.2.49	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1271`	vulnerable	2026-06-03 14:29:28.972038	Details available The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function. Published: 2009-04-08T18:00:00.000Z Updated: 2024-08-07T05:04:49.407Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2009/04/01/9 http://www.debian.org/security/2009/dsa-1775 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15 http://secunia.com/advisories/34770	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-7243`	vulnerable	2026-06-03 14:27:55.371020	Details available PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. Published: 2011-01-18T19:00:00.000Z Updated: 2024-08-07T20:57:41.063Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/44951 http://svn.php.net/viewvc?view=revision&revision=305412 http://openwall.com/lists/oss-security/2010/11/18/5 http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://openwall.com/lists/oss-security/2010/12/09/11	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.