PHP public bug reports
4,419 Bug Reports - $2,030,173 Paid Out
Last Updated: 12th September, 2017
Team       Bounty  Title
PHP (IBB)  $500    Out of bounds memory read in unserialize()
PHP (IBB)  $500    Use of uninitialized memory in unserialize()
PHP (IBB)  $500    Invalid parameter in memcpy function through openssl_pbkdf2
PHP (IBB)  $500    imagefilltoborder stackoverflow on truecolor images
PHP (IBB)  $500    memcpy negative parameter _bc_new_num_ex
PHP (IBB)  $500    memcpy negative size parameter in php_resolve_path
PHP (IBB)  $500    Write out-of-bounds at number_format
PHP (IBB)  $1,000  Buffer overflow in HTTP parse_hostinfo(), parse_userinfo() and parse_scheme()
PHP (IBB)  $500    Heap overflow caused by type confusion vulnerability in merge_param()
PHP        $500    NULL Pointer Dereference in exif_process_user_comment
PHP        $1,000  Out of bound read in exif_process_IFD_in_MAKERNOTE
PHP        $1,000  ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
PHP        $1,000  Use After Free Vulnerability in PHP's GC algorithm and unserialize
PHP        $1,500  Integer overflow in ZipArchive::getFrom*
PHP        $1,000  php_snmp_error() Format String Vulnerability
PHP        -       Null pointer deref (segfault) in stream_context_get_default
PHP        $1,000  Buffer overflow in HTTP url parsing functions
PHP        $1,000  Use After Free in sortWithSortKeys()
PHP        $1,000  Format string vulnerability in zend_throw_or_error()
PHP        -       Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow)
PHP        $500    Memory Corruption in phar_parse_tarfile when entry filename starts with null
PHP        $500    invalid pointer free() in phar_tar_process_metadata()
PHP        $500    Files extracted from archive may be placed outside of destination directory
PHP        $1,500  Multiple Use After Free Vulnerabilities in unserialize()
PHP        $1,000  Arbitrary code execution in str_ireplace function
PHP        $1,000  Dangling pointer in the unserialization of ArrayObject items
PHP        $500    curl_setopt_array() type confusion
PHP        $500    heap buffer overflow in enchant_broker_request_dict()
PHP        $500    Integer overflow in unserialize() (32-bits only)
PHP        $500    AddressSanitizer reports a global buffer overflow in mkgmtime() function
PHP        $1,500  SOAP serialize_function_call() type confusion / RCE
PHP        $500    zend_throw_or_error() format string vulnerability
PHP        $1,000  Uninitialized pointer in phar_make_dirstream
PHP        $1,000  Buffer over-read in exif_read_data with TIFF IFD tag
PHP        $500    Null pointer deref (segfault) in spl_autoload via ob_start
PHP        $500    null pointer deref (segfault) in zend_eval_const_expr
PHP        $500    Mem out-of-bounds write (segfault) in ZEND_ASSIGN_DIV_SPEC_CV_UNUSED_HANDLER
PHP        $500    Use after free vulnerability in unserialize() with GMP
PHP        $500    Use After Free Vulnerability in session deserializer
PHP        $1,000  Use After Free Vulnerability in unserialize()
PHP        $1,000  Use After Free Vulnerability in unserialize() with SplObjectStorage
PHP        $1,000  Use After Free Vulnerability in unserialize() with SplDoublyLinkedList
PHP        $500    Null pointer dereference in phar_get_fp_offset()