Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities by swoole

    CVE-2026-24814 (GCVE-0-2026-24814)

    Vulnerability from nvd – Published: 2026-01-27 08:50 – Updated: 2026-01-27 20:42
    VLAI
    Title
    A integer overflow in swoole/swoole-src
    Summary
    Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules). This vulnerability is associated with program files sds.C. This issue affects swoole-src: before 6.0.2.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    References
    Impacted products
    Vendor Product Version
    swoole swoole-src Affected: 0 , < 6.0.2 (git)
    Create a notification for this product.
    Credits
    TITAN Team (titancaproject@gmail.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24814",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-27T20:42:00.186484Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-27T20:42:37.813Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/swoole/swoole-src",
              "defaultStatus": "affected",
              "modules": [
                "thirdparty/hiredis"
              ],
              "product": "swoole-src",
              "programFiles": [
                "sds.c"
              ],
              "vendor": "swoole",
              "versions": [
                {
                  "lessThan": "6.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "TITAN Team (titancaproject@gmail.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003esds.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects swoole-src: before 6.0.2.\u003c/p\u003e"
                }
              ],
              "value": "Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules). This vulnerability is associated with program files sds.C.\n\nThis issue affects swoole-src: before 6.0.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:L/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-27T08:50:48.964Z",
            "orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
            "shortName": "GovTech CSG"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/swoole/swoole-src/pull/5698"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "A integer overflow in swoole/swoole-src",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
        "assignerShortName": "GovTech CSG",
        "cveId": "CVE-2026-24814",
        "datePublished": "2026-01-27T08:50:48.964Z",
        "dateReserved": "2026-01-27T08:48:56.893Z",
        "dateUpdated": "2026-01-27T20:42:37.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-24275 (GCVE-0-2020-24275)

    Vulnerability from nvd – Published: 2023-07-20 00:00 – Updated: 2024-10-24 19:48
    VLAI
    Summary
    A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:12:08.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/swoole/swoole-src/pull/3539"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/swoole/swoole-src/pull/3545"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.cal1.cn/post/HTTP%20Response%20Header%20Injection%20in%20Swoole%3C%3D4.5.2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://portswigger.net/kb/issues/00200200_http-response-header-injection"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-24275",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T19:47:56.801613Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T19:48:06.954Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-20T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/swoole/swoole-src/pull/3539"
            },
            {
              "url": "https://github.com/swoole/swoole-src/pull/3545"
            },
            {
              "url": "https://blog.cal1.cn/post/HTTP%20Response%20Header%20Injection%20in%20Swoole%3C%3D4.5.2"
            },
            {
              "url": "https://portswigger.net/kb/issues/00200200_http-response-header-injection"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-24275",
        "datePublished": "2023-07-20T00:00:00.000Z",
        "dateReserved": "2020-08-13T00:00:00.000Z",
        "dateUpdated": "2024-10-24T19:48:06.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43676 (GCVE-0-2021-43676)

    Vulnerability from nvd – Published: 2021-12-03 13:50 – Updated: 2024-08-04 04:03
    VLAI
    Summary
    matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:03:08.623Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/matyhtf/framework/issues/206"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-03T13:50:04.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/matyhtf/framework/issues/206"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-43676",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/matyhtf/framework/issues/206",
                  "refsource": "MISC",
                  "url": "https://github.com/matyhtf/framework/issues/206"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-43676",
        "datePublished": "2021-12-03T13:50:04.000Z",
        "dateReserved": "2021-11-15T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:03:08.623Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15518 (GCVE-0-2019-15518)

    Vulnerability from nvd – Published: 2019-08-23 14:51 – Updated: 2024-08-05 00:49
    VLAI
    Summary
    Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:49:13.589Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/swoole/swoole-src/compare/v4.2.12...v4.2.13"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/swoole/swoole-src/pull/2323"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-23T14:51:59.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/swoole/swoole-src/compare/v4.2.12...v4.2.13"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/swoole/swoole-src/pull/2323"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-15518",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/swoole/swoole-src/compare/v4.2.12...v4.2.13",
                  "refsource": "MISC",
                  "url": "https://github.com/swoole/swoole-src/compare/v4.2.12...v4.2.13"
                },
                {
                  "name": "https://github.com/swoole/swoole-src/pull/2323",
                  "refsource": "MISC",
                  "url": "https://github.com/swoole/swoole-src/pull/2323"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-15518",
        "datePublished": "2019-08-23T14:51:59.000Z",
        "dateReserved": "2019-08-23T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:49:13.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15503 (GCVE-0-2018-15503)

    Vulnerability from nvd – Published: 2018-08-18 02:00 – Updated: 2024-08-05 09:54
    VLAI
    Summary
    The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-08-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:54:03.442Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/swoole/swoole-src/issues/1882"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/swoole/swoole-src/commit/4cdbce5d9bf2fe596bb6acd7d6611f9e8c253a76"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://x-c3ll.github.io/posts/swoole-deserialization-cve-2018-15503/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-21T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/swoole/swoole-src/issues/1882"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/swoole/swoole-src/commit/4cdbce5d9bf2fe596bb6acd7d6611f9e8c253a76"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://x-c3ll.github.io/posts/swoole-deserialization-cve-2018-15503/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-15503",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/swoole/swoole-src/issues/1882",
                  "refsource": "MISC",
                  "url": "https://github.com/swoole/swoole-src/issues/1882"
                },
                {
                  "name": "https://github.com/swoole/swoole-src/commit/4cdbce5d9bf2fe596bb6acd7d6611f9e8c253a76",
                  "refsource": "MISC",
                  "url": "https://github.com/swoole/swoole-src/commit/4cdbce5d9bf2fe596bb6acd7d6611f9e8c253a76"
                },
                {
                  "name": "https://x-c3ll.github.io/posts/swoole-deserialization-cve-2018-15503/",
                  "refsource": "MISC",
                  "url": "https://x-c3ll.github.io/posts/swoole-deserialization-cve-2018-15503/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-15503",
        "datePublished": "2018-08-18T02:00:00.000Z",
        "dateReserved": "2018-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:54:03.442Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-24814 (GCVE-0-2026-24814)

    Vulnerability from cvelistv5 – Published: 2026-01-27 08:50 – Updated: 2026-01-27 20:42
    VLAI
    Title
    A integer overflow in swoole/swoole-src
    Summary
    Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules). This vulnerability is associated with program files sds.C. This issue affects swoole-src: before 6.0.2.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    References
    Impacted products
    Vendor Product Version
    swoole swoole-src Affected: 0 , < 6.0.2 (git)
    Create a notification for this product.
    Credits
    TITAN Team (titancaproject@gmail.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24814",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-27T20:42:00.186484Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-27T20:42:37.813Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/swoole/swoole-src",
              "defaultStatus": "affected",
              "modules": [
                "thirdparty/hiredis"
              ],
              "product": "swoole-src",
              "programFiles": [
                "sds.c"
              ],
              "vendor": "swoole",
              "versions": [
                {
                  "lessThan": "6.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "TITAN Team (titancaproject@gmail.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003esds.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects swoole-src: before 6.0.2.\u003c/p\u003e"
                }
              ],
              "value": "Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules). This vulnerability is associated with program files sds.C.\n\nThis issue affects swoole-src: before 6.0.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:L/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-27T08:50:48.964Z",
            "orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
            "shortName": "GovTech CSG"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/swoole/swoole-src/pull/5698"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "A integer overflow in swoole/swoole-src",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
        "assignerShortName": "GovTech CSG",
        "cveId": "CVE-2026-24814",
        "datePublished": "2026-01-27T08:50:48.964Z",
        "dateReserved": "2026-01-27T08:48:56.893Z",
        "dateUpdated": "2026-01-27T20:42:37.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-24275 (GCVE-0-2020-24275)

    Vulnerability from cvelistv5 – Published: 2023-07-20 00:00 – Updated: 2024-10-24 19:48
    VLAI
    Summary
    A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:12:08.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/swoole/swoole-src/pull/3539"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/swoole/swoole-src/pull/3545"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.cal1.cn/post/HTTP%20Response%20Header%20Injection%20in%20Swoole%3C%3D4.5.2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://portswigger.net/kb/issues/00200200_http-response-header-injection"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-24275",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T19:47:56.801613Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T19:48:06.954Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-20T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/swoole/swoole-src/pull/3539"
            },
            {
              "url": "https://github.com/swoole/swoole-src/pull/3545"
            },
            {
              "url": "https://blog.cal1.cn/post/HTTP%20Response%20Header%20Injection%20in%20Swoole%3C%3D4.5.2"
            },
            {
              "url": "https://portswigger.net/kb/issues/00200200_http-response-header-injection"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-24275",
        "datePublished": "2023-07-20T00:00:00.000Z",
        "dateReserved": "2020-08-13T00:00:00.000Z",
        "dateUpdated": "2024-10-24T19:48:06.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43676 (GCVE-0-2021-43676)

    Vulnerability from cvelistv5 – Published: 2021-12-03 13:50 – Updated: 2024-08-04 04:03
    VLAI
    Summary
    matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:03:08.623Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/matyhtf/framework/issues/206"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-03T13:50:04.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/matyhtf/framework/issues/206"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-43676",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/matyhtf/framework/issues/206",
                  "refsource": "MISC",
                  "url": "https://github.com/matyhtf/framework/issues/206"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-43676",
        "datePublished": "2021-12-03T13:50:04.000Z",
        "dateReserved": "2021-11-15T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:03:08.623Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15518 (GCVE-0-2019-15518)

    Vulnerability from cvelistv5 – Published: 2019-08-23 14:51 – Updated: 2024-08-05 00:49
    VLAI
    Summary
    Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:49:13.589Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/swoole/swoole-src/compare/v4.2.12...v4.2.13"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/swoole/swoole-src/pull/2323"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-23T14:51:59.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/swoole/swoole-src/compare/v4.2.12...v4.2.13"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/swoole/swoole-src/pull/2323"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-15518",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/swoole/swoole-src/compare/v4.2.12...v4.2.13",
                  "refsource": "MISC",
                  "url": "https://github.com/swoole/swoole-src/compare/v4.2.12...v4.2.13"
                },
                {
                  "name": "https://github.com/swoole/swoole-src/pull/2323",
                  "refsource": "MISC",
                  "url": "https://github.com/swoole/swoole-src/pull/2323"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-15518",
        "datePublished": "2019-08-23T14:51:59.000Z",
        "dateReserved": "2019-08-23T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:49:13.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15503 (GCVE-0-2018-15503)

    Vulnerability from cvelistv5 – Published: 2018-08-18 02:00 – Updated: 2024-08-05 09:54
    VLAI
    Summary
    The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-08-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:54:03.442Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/swoole/swoole-src/issues/1882"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/swoole/swoole-src/commit/4cdbce5d9bf2fe596bb6acd7d6611f9e8c253a76"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://x-c3ll.github.io/posts/swoole-deserialization-cve-2018-15503/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-21T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/swoole/swoole-src/issues/1882"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/swoole/swoole-src/commit/4cdbce5d9bf2fe596bb6acd7d6611f9e8c253a76"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://x-c3ll.github.io/posts/swoole-deserialization-cve-2018-15503/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-15503",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/swoole/swoole-src/issues/1882",
                  "refsource": "MISC",
                  "url": "https://github.com/swoole/swoole-src/issues/1882"
                },
                {
                  "name": "https://github.com/swoole/swoole-src/commit/4cdbce5d9bf2fe596bb6acd7d6611f9e8c253a76",
                  "refsource": "MISC",
                  "url": "https://github.com/swoole/swoole-src/commit/4cdbce5d9bf2fe596bb6acd7d6611f9e8c253a76"
                },
                {
                  "name": "https://x-c3ll.github.io/posts/swoole-deserialization-cve-2018-15503/",
                  "refsource": "MISC",
                  "url": "https://x-c3ll.github.io/posts/swoole-deserialization-cve-2018-15503/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-15503",
        "datePublished": "2018-08-18T02:00:00.000Z",
        "dateReserved": "2018-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:54:03.442Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }