Cmb

**Name of the Vulnerable Software and Affected Versions** PHP versions 8.0.* through 8.0.26 PHP versions 8.1.* through 8.1.14 PHP versions 8.2.* through 8.2.1 **Description** The issue occurs due to an uncaught integer overflow in the `PDO::quote()` function of PDO SQLite, which can return an improperly quoted string when called on user-supplied input without length restrictions. This can lead to SQL injection vulnerabilities, allowing attackers to inject malicious code and potentially gain control. The vulnerability affects multiple versions of PHP and poses a significant risk to websites and applications relying on the PHP Data Objects (PDO) extension for SQLite database interactions. **Recommendations** Update to PHP version 8.0.27 or later to fix the PDO/SQLite issue. Update to PHP version 8.1.15 or later to fix the PDO/SQLite issue. Update to PHP version 8.2.2 or later to fix the PDO/SQLite issue. As a temporary workaround, consider restricting the use of the `PDO::quote()` function until a patch is available. Avoid using the `PDO::quote()` function with user-supplied input without proper length restrictions in place.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 7.4.33, 8.0.25 and 8.1.12 **Description** The issue is related to the `imageloadfont()` function in the gd extension, which can be exploited by providing a specially crafted font file. When the loaded font is used with the `imagechar()` function, it can lead to reading outside the allocated buffer, resulting in crashes or disclosure of confidential information. **Recommendations** For PHP versions prior to 7.4.33, update to version 7.4.33 or later. For PHP versions prior to 8.0.25, update to version 8.0.25 or later. For PHP versions prior to 8.1.12, update to version 8.1.12 or later. As a temporary workaround, consider disabling the `imageloadfont()` function in the gd extension until a patch is available. Restrict access to the gd extension to minimize the risk of exploitation. Avoid using the `imagechar()` function with loaded fonts from untrusted sources until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 7.4.31 PHP versions prior to 8.0.24 PHP versions prior to 8.1.11 **Description** The issue is related to the execution of a loop with an unreachable exit condition, allowing an attacker to cause a denial of service. In PHP, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. **Recommendations** For PHP versions prior to 7.4.31, update to version 7.4.31 or later. For PHP versions prior to 8.0.24, update to version 8.0.24 or later. For PHP versions prior to 8.1.11, update to version 8.1.11 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions 7.3.x through 7.3.30 PHP versions 7.4.x through 7.4.23 PHP versions 8.0.x through 8.0.10 **Description** The issue arises from the incorrect restriction of the path name to a directory with limited access in the ZipArchive::extractTo function of the PHP interpreter. This can be exploited by a remote attacker to create or overwrite files, subject to OS permissions. The vulnerability exists in the PHP interpreter when extracting a ZIP file, potentially allowing files to be created or overwritten outside the target directory. **Recommendations** For PHP versions 7.3.x through 7.3.30, update to version 7.3.31 or later. For PHP versions 7.4.x through 7.4.23, update to version 7.4.24 or later. For PHP versions 8.0.x through 8.0.10, update to version 8.0.11 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions 7.3.x through 7.3.14 PHP versions 7.4.x through 7.4.2 **Description** The issue arises when extracting PHAR files on Windows using the phar extension. Certain content inside a PHAR file could lead to a one-byte read past the allocated buffer, potentially resulting in information disclosure or a crash. **Recommendations** For PHP versions 7.3.x through 7.3.14, update to version 7.3.15 or later. For PHP versions 7.4.x through 7.4.2, update to version 7.4.3 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions 7.2.x below 7.2.26 PHP versions 7.3.x below 7.3.13 PHP version 7.4.0 **Description** The issue is related to a buffer overflow vulnerability in the PHP bcmath extension functions. On some systems, including Windows, these functions can be tricked into reading beyond the allocated space by supplying a string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can lead to the disclosure of the content of some memory locations. The vulnerability may allow a remote attacker to gain unauthorized access to information. **Recommendations** For PHP version 7.2.x below 7.2.26, update to version 7.2.26 or later. For PHP version 7.3.x below 7.3.13, update to version 7.3.13 or later. For PHP version 7.4.0, update to a later version. As a temporary workaround, consider disabling the bcmath extension functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GD Graphics Library versions 2.2.5 PHP versions 7.1.x through 7.1.29 PHP versions 7.2.x through 7.2.18 PHP versions 7.3.x through 7.3.5 **Description** The issue is related to the `gdImageCreateFromXbm()` function in the GD Graphics Library, which is used in the PHP GD extension. It is caused by a lack of input validation, allowing a remote attacker to supply data that may lead to the disclosure of contents of the stack left by previous code. This can potentially allow unauthorized access to information. **Recommendations** For PHP versions 7.1.x through 7.1.29, update to version 7.1.30 or later. For PHP versions 7.2.x through 7.2.18, update to version 7.2.19 or later. For PHP versions 7.3.x through 7.3.5, update to version 7.3.6 or later. As a temporary workaround, consider disabling the `gdImageCreateFromXbm()` function until a patch is available.