This issue exists in core\admin\modules\developer\extensions\install\and core\admin\modules\developer\packages\install\ NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files." An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5.
A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation.
A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures.
This vulnerability causes programs that use libxml2, such as PHP, to crash.
This issue exists in core\admin\modules\developer\extensions\install\and core\admin\modules\developer\packages\install\ NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files." ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in Big Tree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name parameter in At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) 2 A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801.The function xml Snprintf Element Content in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. If the content-name actually fits also uses 'len' rather than the updated buffer length strlen(buf).A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.A stack out-of-bounds read occurs in match_at() during regular expression searching.