On February 13, 2020, the PHP development team released PHP version 5.6.40, which is a security release that fixes several vulnerabilities. These vulnerabilities were reported by security researchers and developers, and they have been verified by the PHP team. The vulnerabilities fixed in PHP 5.6.40 include:
The bcmath extension, which is available on many operating systems, contains a buffer under-read vulnerability. By supplying a string containing characters that are identified as numeric by the operating system but are not ASCII numbers, an attacker could trick the bcmath functions into reading beyond the allocated space. This could lead to memory disclosure, with a CVSS v3 score of 7.5.
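One way to keep such strings away from bcmath at the application boundary, shown as an added example that is not code from the PHP project or from this page. The helper names `is_ascii_bc_operand` and `safe_bcadd` are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example: strict ASCII gate for values handed to bcmath functions.
// Helper names are hypothetical; they are not part of PHP or bcmath.

/**
 * True only if $value is a plain decimal made of ASCII bytes:
 * optional sign, digits 0-9, optional fractional part.
 */
function is_ascii_bc_operand($value)
{
    if (!is_string($value) || $value === '') {
        return false;
    }
    // Explicit [0-9] class and no /u modifier: matching is byte-wise and never
    // consults locale or Unicode digit tables. \A and \z anchor the whole
    // string, so a trailing newline is rejected (unlike with $).
    return preg_match('/\A[+-]?[0-9]+(?:\.[0-9]+)?\z/', $value) === 1;
}

/** bcadd() wrapper that refuses operands failing the ASCII check. */
function safe_bcadd($left, $right, $scale = 0)
{
    foreach (array($left, $right) as $operand) {
        if (!is_ascii_bc_operand($operand)) {
            throw new InvalidArgumentException(
                'Rejected non-ASCII or malformed bcmath operand: ' . bin2hex((string) $operand)
            );
        }
    }
    return bcadd($left, $right, $scale);
}

// Constructed sample inputs. The high bytes stand in for characters that a
// locale-aware digit test might classify as numeric (an assumption).
$samples = array(
    '12345.678',
    '-42',
    "\xB2\xB3",     // single bytes above 0x7F
    "12\xD9\xA3",   // ASCII digits followed by a multi-byte UTF-8 digit
    "100\n",        // trailing newline
    '1e5',          // exponent notation is not a plain decimal
);
foreach ($samples as $s) {
    printf("%-16s %s\n", bin2hex($s), is_ascii_bc_operand($s) ? 'accept' : 'reject');
}
```

Only the first two samples are accepted. Logging the hex of rejected operands, as the exception message does, gives a record of attempts to pass non-ASCII digits.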
Running EOL software violates major cybersecurity and compliance frameworks. If you process credit cards or healthcare data, maintaining a PHP 5.6.40 environment will cause you to immediately fail PCI-DSS and HIPAA audits.