[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-7584":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":83,"duplicate_of":9,"upstream":84,"downstream":85,"duplicates":110,"related":111,"reserved_at":9,"published_at":116,"modified_at":117,"state":118,"summary":119,"references_raw":127,"kevs":201,"epss":202,"epss_history":205,"metrics":431,"affected":440},"CVE-2018-7584","In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-123","Buffer Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":41,"name":42,"techniques":43},"CAPEC-42","MIME Conversion",[],{"id":45,"name":46,"techniques":47},"CAPEC-44","Overflow Binary Resource File",[],{"id":49,"name":50,"techniques":51},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":53,"name":54,"techniques":55},"CAPEC-46","Overflow Variables and Tags",[],{"id":57,"name":58,"techniques":59},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[69],{"_key":70,"name":71,"source":72,"url":73,"maturity":74,"reliability_score":75,"verified":76,"type":77,"platforms":78,"requires_auth":9,"exploitdb":80,"metasploit":9},"44846","PHP 7.2.2 - 'php_stream_url_wrap_http_ex' Buffer Overflow","exploit-database","https://www.exploit-db.com/exploits/44846","poc",0.8,true,"dos",[79],"php",{"verified":76,"type":77,"platform":79,"file":81,"codes":82},"exploits/php/dos/44846.txt",[7],[],[],[86,88,90,92,94,96,98,100,102,104,106,108],{"_key":87},"ALPINE-CVE-2018-7584",{"_key":89},"RHSA-2020:1112",{"_key":91},"SUSE-SU-2018:0646-1",{"_key":93},"SUSE-SU-2018:0717-1",{"_key":95},"SUSE-SU-2018:0806-1",{"_key":97},"DLA-1326-1",{"_key":99},"DLA-1397-1",{"_key":101},"DSA-4240-1",{"_key":103},"MGASA-2018-0167",{"_key":105},"UBUNTU-CVE-2018-7584",{"_key":107},"USN-3600-1",{"_key":109},"RHSA-2019:2519",[],[112,113,114,115],{"_key":91},{"_key":93},{"_key":95},{"_key":103},"2018-03-01T18:00:00.000Z","2024-08-05T06:31:04.995Z","Modified",{"cisa_kev":120,"cisa_ransomware":120,"cisa_vendor":9,"epss_severity":121,"epss_score":122,"severity":121,"severity_score":123,"severity_version":124,"severity_source":125,"severity_vector":126,"severity_status":118},false,"critical",0.83066,9.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[128,136,141,147,153,157,161,167,172,178,183,187,191,196],{"url":129,"sources":130,"tags":132},"https://usn.ubuntu.com/3600-1/",[131,125],"cve.org",[133,134,135],"Vendor Advisory","X Refsource UBUNTU","Third Party Advisory",{"url":137,"sources":138,"tags":139},"https://www.debian.org/security/2018/dsa-4240",[131,125],[133,140,135],"X Refsource DEBIAN",{"url":142,"sources":143,"tags":144},"https://bugs.php.net/bug.php?id=75981",[131,125],[145,146],"X Refsource CONFIRM","Issue Tracking",{"url":148,"sources":149,"tags":150},"https://lists.debian.org/debian-lts-announce/2018/03/msg00030.html",[131,125],[151,152,135],"Mailing List","X Refsource MLIST",{"url":154,"sources":155,"tags":156},"https://www.tenable.com/security/tns-2018-12",[131,125],[145,135],{"url":158,"sources":159,"tags":160},"https://www.tenable.com/security/tns-2018-03",[131,125],[145,135],{"url":162,"sources":163,"tags":164},"http://www.securitytracker.com/id/1041607",[131,125],[165,166,135],"VDB Entry","X Refsource SECTRACK",{"url":168,"sources":169,"tags":170},"https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba",[131,125],[145,171],"Patch",{"url":173,"sources":174,"tags":175},"https://www.exploit-db.com/exploits/44846/",[131,125],[176,177,135,165],"Exploit","X Refsource EXPLOIT DB",{"url":179,"sources":180,"tags":181},"http://php.net/ChangeLog-7.php",[131,125],[145,182],"Release Notes",{"url":184,"sources":185,"tags":186},"https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html",[131,125],[151,152,135],{"url":188,"sources":189,"tags":190},"https://usn.ubuntu.com/3600-2/",[131,125],[133,134,135],{"url":192,"sources":193,"tags":194},"http://www.securityfocus.com/bid/103204",[131,125],[165,195,135],"X Refsource BID",{"url":197,"sources":198,"tags":199},"https://access.redhat.com/errata/RHSA-2019:2519",[131,125],[133,200],"X Refsource REDHAT",[],{"date":203,"score":122,"percentile":204},"2026-06-04",0.99275,[206,210,213,215,218,220,223,226,228,230,232,234,236,238,240,244,247,250,254,256,258,261,263,265,268,270,273,275,279,282,285,287,289,291,293,295,298,301,304,306,309,311,313,316,318,320,322,324,326,329,331,334,337,339,343,346,349,353,356,359,361,364,367,369,371,374,376,378,380,383,385,387,390,392,395,397,400,402,404,406,408,411,413,415,417,419,421,423,425,427],{"date":207,"score":208,"percentile":209},"2025-11-04",0.78068,0.9896,{"date":211,"score":208,"percentile":212},"2025-11-05",0.98958,{"date":214,"score":208,"percentile":212},"2025-11-06",{"date":216,"score":208,"percentile":217},"2025-11-07",0.98956,{"date":219,"score":208,"percentile":217},"2025-11-08",{"date":221,"score":208,"percentile":222},"2025-11-09",0.98955,{"date":224,"score":208,"percentile":225},"2025-11-10",0.98954,{"date":227,"score":208,"percentile":225},"2025-11-11",{"date":229,"score":208,"percentile":222},"2025-11-12",{"date":231,"score":208,"percentile":222},"2025-11-13",{"date":233,"score":208,"percentile":225},"2025-11-14",{"date":235,"score":208,"percentile":225},"2025-11-15",{"date":237,"score":208,"percentile":222},"2025-11-16",{"date":239,"score":208,"percentile":222},"2025-11-17",{"date":241,"score":242,"percentile":243},"2025-11-18",0.75373,0.98963,{"date":245,"score":242,"percentile":246},"2025-11-19",0.98964,{"date":248,"score":242,"percentile":249},"2025-11-20",0.98965,{"date":251,"score":252,"percentile":253},"2025-11-21",0.79778,0.99039,{"date":255,"score":252,"percentile":253},"2025-11-22",{"date":257,"score":252,"percentile":253},"2025-11-23",{"date":259,"score":252,"percentile":260},"2025-11-24",0.9904,{"date":262,"score":252,"percentile":260},"2025-11-25",{"date":264,"score":252,"percentile":260},"2025-11-26",{"date":266,"score":252,"percentile":267},"2025-11-27",0.99041,{"date":269,"score":252,"percentile":267},"2025-11-28",{"date":271,"score":252,"percentile":272},"2025-11-29",0.99042,{"date":274,"score":252,"percentile":260},"2025-11-30",{"date":276,"score":277,"percentile":278},"2025-12-01",0.75076,0.98829,{"date":280,"score":277,"percentile":281},"2025-12-02",0.9883,{"date":283,"score":277,"percentile":284},"2025-12-03",0.98832,{"date":286,"score":252,"percentile":253},"2025-12-04",{"date":288,"score":252,"percentile":267},"2025-12-05",{"date":290,"score":252,"percentile":267},"2025-12-06",{"date":292,"score":252,"percentile":272},"2025-12-07",{"date":294,"score":252,"percentile":272},"2025-12-08",{"date":296,"score":252,"percentile":297},"2025-12-09",0.99044,{"date":299,"score":252,"percentile":300},"2025-12-10",0.99045,{"date":302,"score":252,"percentile":303},"2025-12-11",0.99047,{"date":305,"score":252,"percentile":303},"2025-12-12",{"date":307,"score":252,"percentile":308},"2025-12-13",0.99048,{"date":310,"score":252,"percentile":303},"2025-12-14",{"date":312,"score":252,"percentile":308},"2025-12-15",{"date":314,"score":252,"percentile":315},"2025-12-16",0.99049,{"date":317,"score":252,"percentile":315},"2025-12-17",{"date":319,"score":252,"percentile":308},"2025-12-18",{"date":321,"score":252,"percentile":308},"2025-12-19",{"date":323,"score":252,"percentile":315},"2025-12-20",{"date":325,"score":252,"percentile":315},"2025-12-21",{"date":327,"score":252,"percentile":328},"2025-12-22",0.9905,{"date":330,"score":252,"percentile":328},"2025-12-23",{"date":332,"score":252,"percentile":333},"2025-12-24",0.99051,{"date":335,"score":252,"percentile":336},"2025-12-25",0.99052,{"date":338,"score":252,"percentile":333},"2025-12-26",{"date":340,"score":341,"percentile":342},"2025-12-27",0.75773,0.98867,{"date":344,"score":252,"percentile":345},"2025-12-28",0.99053,{"date":347,"score":252,"percentile":348},"2025-12-29",0.99054,{"date":350,"score":351,"percentile":352},"2025-12-30",0.80641,0.99096,{"date":354,"score":351,"percentile":355},"2025-12-31",0.99098,{"date":357,"score":277,"percentile":358},"2026-01-01",0.98841,{"date":360,"score":277,"percentile":358},"2026-01-02",{"date":362,"score":277,"percentile":363},"2026-01-03",0.98842,{"date":365,"score":351,"percentile":366},"2026-01-04",0.99099,{"date":368,"score":351,"percentile":366},"2026-01-05",{"date":370,"score":351,"percentile":355},"2026-01-06",{"date":372,"score":351,"percentile":373},"2026-01-07",0.99097,{"date":375,"score":351,"percentile":355},"2026-01-08",{"date":377,"score":351,"percentile":355},"2026-01-09",{"date":379,"score":351,"percentile":366},"2026-01-10",{"date":381,"score":122,"percentile":382},"2026-01-11",0.9923,{"date":384,"score":122,"percentile":382},"2026-01-12",{"date":386,"score":122,"percentile":382},"2026-01-13",{"date":388,"score":122,"percentile":389},"2026-01-14",0.99231,{"date":391,"score":122,"percentile":389},"2026-01-15",{"date":393,"score":122,"percentile":394},"2026-01-16",0.99233,{"date":396,"score":122,"percentile":394},"2026-01-17",{"date":398,"score":122,"percentile":399},"2026-01-18",0.99232,{"date":401,"score":122,"percentile":399},"2026-01-19",{"date":403,"score":122,"percentile":399},"2026-01-20",{"date":405,"score":122,"percentile":394},"2026-01-21",{"date":407,"score":122,"percentile":394},"2026-01-22",{"date":409,"score":122,"percentile":410},"2026-01-23",0.99234,{"date":412,"score":122,"percentile":410},"2026-01-24",{"date":414,"score":122,"percentile":394},"2026-01-25",{"date":416,"score":122,"percentile":399},"2026-01-26",{"date":418,"score":122,"percentile":399},"2026-01-27",{"date":420,"score":122,"percentile":394},"2026-01-28",{"date":422,"score":122,"percentile":394},"2026-01-29",{"date":424,"score":122,"percentile":399},"2026-01-30",{"date":426,"score":122,"percentile":394},"2026-01-31",{"date":428,"score":429,"percentile":430},"2026-02-01",0.76519,0.98909,[432],{"source":125,"cvss_v2_0":433,"cvss_v3_0":438,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":434,"baseSeverity":9,"vectorString":435,"impactScore":436,"exploitabilityScore":437},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":123,"baseSeverity":439,"vectorString":126,"impactScore":123,"exploitabilityScore":437},"CRITICAL",[441,456,467],{"ecosystem":9,"name":442,"vendor":443,"product":444,"cpe_part":445,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":446},"ubuntu linux","canonical","ubuntu_linux","o",[447,450,452,454],{"version":448,"is_range":120,"range_type":449,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.04","cpe",{"version":451,"is_range":120,"range_type":449,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04",{"version":453,"is_range":120,"range_type":449,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":455,"is_range":120,"range_type":449,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"17.10",{"ecosystem":9,"name":457,"vendor":458,"product":459,"cpe_part":445,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":460},"debian linux","debian","debian_linux",[461,463,465],{"version":462,"is_range":120,"range_type":449,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0",{"version":464,"is_range":120,"range_type":449,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":466,"is_range":120,"range_type":449,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":468,"vendor":9,"product":468,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":469},"PHP",[470,474,479,483],{"version":471,"is_range":76,"range_type":449,"version_start":9,"version_start_type":9,"version_end":472,"version_end_type":473,"fixed_in":9},"lte5.6.33","5.6.33","including",{"version":475,"is_range":76,"range_type":449,"version_start":476,"version_start_type":473,"version_end":477,"version_end_type":478,"fixed_in":9},"gte7.0.0_lt7.0.28","7.0.0","7.0.28","excluding",{"version":480,"is_range":76,"range_type":449,"version_start":481,"version_start_type":473,"version_end":482,"version_end_type":473,"fixed_in":9},"gte7.1.0_lte7.1.14","7.1.0","7.1.14",{"version":484,"is_range":76,"range_type":449,"version_start":485,"version_start_type":473,"version_end":486,"version_end_type":473,"fixed_in":9},"gte7.2.0_lte7.2.2","7.2.0","7.2.2"]