Vulnerability-Lookup

alsa-2025:15687

Vulnerability from osv_almalinux

Published

2025-09-11 00:00

Modified

2025-09-29 08:55

Summary

Moderate: php:8.2 security update

Details

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929)
php: Single byte overread with convert.quoted-printable-decode filter (CVE-2024-11233)
php: Configuring a proxy in a stream context might allow for CRLF injection in URIs (CVE-2024-11234)
php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217)
php: Stream HTTP wrapper header check might omit basic auth header (CVE-2025-1736)
php: Streams HTTP wrapper does not fail for headers with invalid name and no colon (CVE-2025-1734)
php: libxml streams use wrong content-type header when requesting a redirected resource (CVE-2025-1219)
php: Stream HTTP wrapper truncates redirect location to 1024 bytes (CVE-2025-1861)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "apcu-panel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.23-1.module_el8.10.0+3796+30ed3ef7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libzip"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.7.3-1.module_el8.10.0+3796+30ed3ef7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libzip-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.7.3-1.module_el8.10.0+3796+30ed3ef7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libzip-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.7.3-1.module_el8.10.0+3796+30ed3ef7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-bcmath"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-cli"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-dba"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-dbg"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-embedded"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-enchant"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-ffi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-fpm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-gd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-gmp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-intl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-ldap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-mbstring"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-mysqlnd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-odbc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-opcache"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pdo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pear"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.10.14-1.module_el8.10.0+3796+30ed3ef7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-apcu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.23-1.module_el8.10.0+3796+30ed3ef7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-apcu-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.23-1.module_el8.10.0+3796+30ed3ef7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-rrd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.3-1.module_el8.10.0+3796+30ed3ef7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-xdebug3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.2-2.module_el8.10.0+3796+30ed3ef7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-zip"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.22.3-1.module_el8.10.0+3796+30ed3ef7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pgsql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-process"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-snmp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-soap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-xml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.28-1.module_el8.10.0+4046+958a243a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.  \n\nSecurity Fix(es):  \n\n  * php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929)\n  * php: Single byte overread with convert.quoted-printable-decode filter (CVE-2024-11233)\n  * php: Configuring a proxy in a stream context might allow for CRLF injection in URIs (CVE-2024-11234)\n  * php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217)\n  * php: Stream HTTP wrapper header check might omit basic auth header (CVE-2025-1736)\n  * php: Streams HTTP wrapper does not fail for headers with invalid name and no colon (CVE-2025-1734)\n  * php: libxml streams use wrong content-type header when requesting a redirected resource (CVE-2025-1219)\n  * php: Stream HTTP wrapper truncates redirect location to 1024 bytes (CVE-2025-1861)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:15687",
  "modified": "2025-09-29T08:55:43Z",
  "published": "2025-09-11T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:15687"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-11233"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-11234"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8929"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-1217"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-1219"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-1734"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-1736"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-1861"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2327960"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2328521"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2328523"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2355917"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2356041"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2356042"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2356043"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2356046"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2025-15687.html"
    }
  ],
  "related": [
    "CVE-2024-8929",
    "CVE-2024-11233",
    "CVE-2024-11234",
    "CVE-2025-1217",
    "CVE-2025-1736",
    "CVE-2025-1734",
    "CVE-2025-1219",
    "CVE-2025-1861"
  ],
  "summary": "Moderate: php:8.2 security update"
}

CVE-2024-8929 (GCVE-0-2024-8929)

Vulnerability from cvelistv5 – Published: 2024-11-22 06:15 – Updated: 2025-11-03 22:33

Title

Leak partial content of the heap through heap buffer over-read in mysqlnd

Summary

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.

Severity ?

5.8 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
CWE-125 - Out-of-bounds Read

Assigner

php

References

URL

Tags

https://github.com/php/php-src/security/advisorie…

Impacted products

	Vendor	Product	Version
	PHP Group	PHP	Affected: 8.1.* , < 8.1.31 (semver) Affected: 8.2.* , < 8.2.24 (semver) Affected: 8.3.* , < 8.3.14 (semver)

Credits

Sébastien Rolland

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "php",
            "vendor": "php_group",
            "versions": [
              {
                "lessThan": "8.1.31",
                "status": "affected",
                "version": "8.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.2.24",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.3.14",
                "status": "affected",
                "version": "8.3.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8929",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-22T17:37:12.386428Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-22T17:40:35.112Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:33:10.858Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250110-0008/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "mysqlnd"
          ],
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThan": "8.1.31",
              "status": "affected",
              "version": "8.1.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.2.24",
              "status": "affected",
              "version": "8.2.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.3.14",
              "status": "affected",
              "version": "8.3.*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "S\u00e9bastien Rolland"
        }
      ],
      "datePublic": "2024-11-21T18:15:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-22T06:15:29.643Z",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "url": "https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678"
        }
      ],
      "source": {
        "advisory": "https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh",
        "discovery": "EXTERNAL"
      },
      "title": "Leak partial content of the heap through heap buffer over-read in mysqlnd",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2024-8929",
    "datePublished": "2024-11-22T06:15:29.643Z",
    "dateReserved": "2024-09-17T04:17:06.982Z",
    "dateUpdated": "2025-11-03T22:33:10.858Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-11233 (GCVE-0-2024-11233)

Vulnerability from cvelistv5 – Published: 2024-11-24 01:08 – Updated: 2025-11-03 21:51

Title

Single byte overread with convert.quoted-printable-decode filter

Summary

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

Severity ?

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

php

References

URL

Tags

https://github.com/php/php-src/security/advisorie…

Impacted products

	Vendor	Product	Version
	PHP Group	PHP	Affected: 8.1.* , < 8.1.31 (semver) Affected: 8.2.* , < 8.2.26 (semver) Affected: 8.3.* , < 8.3.14 (semver)

Credits

Frostb1te

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "php",
            "vendor": "php_group",
            "versions": [
              {
                "lessThan": "8.1.31",
                "status": "affected",
                "version": "8.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.2.26",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.3.14",
                "status": "affected",
                "version": "8.3.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "php",
            "vendor": "php_group",
            "versions": [
              {
                "lessThan": "8.1.31",
                "status": "affected",
                "version": "8.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.2.26",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.3.14",
                "status": "affected",
                "version": "8.3.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "php",
            "vendor": "php_group",
            "versions": [
              {
                "lessThan": "8.1.31",
                "status": "affected",
                "version": "8.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.2.26",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.3.14",
                "status": "affected",
                "version": "8.3.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11233",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-24T12:32:59.087887Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-24T12:41:42.881Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:51:48.654Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20241220-0008/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "filters"
          ],
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThan": "8.1.31",
              "status": "affected",
              "version": "8.1.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.2.26",
              "status": "affected",
              "version": "8.2.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.3.14",
              "status": "affected",
              "version": "8.3.*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Frostb1te"
        }
      ],
      "datePublic": "2024-11-21T18:15:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003econvert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.\u0026nbsp;\u003c/span\u003e"
            }
          ],
          "value": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in\u00a0convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-24T01:08:28.663Z",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "url": "https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43"
        }
      ],
      "source": {
        "advisory": "https://github.com/php/php-src/security/advisories/GHSA-r977-prx",
        "discovery": "UNKNOWN"
      },
      "title": "Single byte overread with convert.quoted-printable-decode filter",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2024-11233",
    "datePublished": "2024-11-24T01:08:28.663Z",
    "dateReserved": "2024-11-15T06:22:38.785Z",
    "dateUpdated": "2025-11-03T21:51:48.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-1734 (GCVE-0-2025-1734)

Vulnerability from cvelistv5 – Published: 2025-03-30 05:43 – Updated: 2025-11-03 20:57

Title

Streams HTTP wrapper does not fail for headers with invalid name and no colon

Summary

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.

Severity ?

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-20 - Improper Input Validation

Assigner

php

References

URL

Tags

https://github.com/php/php-src/security/advisorie…

Impacted products

	Vendor	Product	Version
	PHP Group	PHP	Affected: 8.1.* , < 8.1.32 (semver) Affected: 8.2.* , < 8.2.28 (semver) Affected: 8.3.* , < 8.3.19 (semver) Affected: 8.4.* , < 8.4.5 (semver)

Credits

Jakub Zelenka

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1734",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-31T14:21:51.418644Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-01T14:37:34.371Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:57:09.506Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250523-0009/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThan": "8.1.32",
              "status": "affected",
              "version": "8.1.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.2.28",
              "status": "affected",
              "version": "8.2.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.3.19",
              "status": "affected",
              "version": "8.3.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.4.5",
              "status": "affected",
              "version": "8.4.*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jakub Zelenka"
        }
      ],
      "datePublic": "2025-03-23T17:43:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers."
            }
          ],
          "value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-273",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-273 HTTP Response Smuggling"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-30T05:43:35.771Z",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "url": "https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44"
        }
      ],
      "source": {
        "advisory": "https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36",
        "discovery": "INTERNAL"
      },
      "title": "Streams HTTP wrapper does not fail for headers with invalid name and no colon",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2025-1734",
    "datePublished": "2025-03-30T05:43:35.771Z",
    "dateReserved": "2025-02-27T04:03:59.544Z",
    "dateUpdated": "2025-11-03T20:57:09.506Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-11234 (GCVE-0-2024-11234)

Vulnerability from cvelistv5 – Published: 2024-11-24 00:57 – Updated: 2025-11-03 21:51

Title

Configuring a proxy in a stream context might allow for CRLF injection in URIs

Summary

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.

Severity ?

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-20 - Improper Input Validation

Assigner

php

References

URL

Tags

https://github.com/php/php-src/security/advisorie…

Impacted products

	Vendor	Product	Version
	PHP Group	PHP	Affected: 8.1.* , < 8.1.31 (semver) Affected: 8.2.* , < 8.2.26 (semver) Affected: 8.3.* , < 8.3.14 (semver)

Credits

Lorenzo Leonardini

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "php",
            "vendor": "php_group",
            "versions": [
              {
                "lessThan": "8.1.31",
                "status": "affected",
                "version": "8.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.2.26",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.3.14",
                "status": "affected",
                "version": "8.3.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "php",
            "vendor": "php_group",
            "versions": [
              {
                "lessThan": "8.1.31",
                "status": "affected",
                "version": "8.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.2.26",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.3.14",
                "status": "affected",
                "version": "8.3.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "php",
            "vendor": "php_group",
            "versions": [
              {
                "lessThan": "8.1.31",
                "status": "affected",
                "version": "8.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.2.26",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.3.14",
                "status": "affected",
                "version": "8.3.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11234",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-24T12:32:39.294616Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-24T12:41:42.763Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:51:51.580Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20241220-0008/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThan": "8.1.31",
              "status": "affected",
              "version": "8.1.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.2.26",
              "status": "affected",
              "version": "8.2.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.3.14",
              "status": "affected",
              "version": "8.3.*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Lorenzo Leonardini"
        }
      ],
      "datePublic": "2024-11-21T18:15:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and \"request_fulluri\" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and \"request_fulluri\" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-24T00:57:39.349Z",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "url": "https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2"
        }
      ],
      "source": {
        "advisory": "https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm",
        "discovery": "EXTERNAL"
      },
      "title": "Configuring a proxy in a stream context might allow for CRLF injection in URIs",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2024-11234",
    "datePublished": "2024-11-24T00:57:39.349Z",
    "dateReserved": "2024-11-15T06:26:08.361Z",
    "dateUpdated": "2025-11-03T21:51:51.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-1736 (GCVE-0-2025-1736)

Vulnerability from cvelistv5 – Published: 2025-03-30 05:49 – Updated: 2025-11-03 20:57

Title

Stream HTTP wrapper header check might omit basic auth header

Summary

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.

Severity ?

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-20 - Improper Input Validation

Assigner

php

References

URL

Tags

https://github.com/php/php-src/security/advisorie…

Impacted products

	Vendor	Product	Version
	PHP Group	PHP	Affected: 8.1.* , < 8.1.32 (semver) Affected: 8.2.* , < 8.2.28 (semver) Affected: 8.3.* , < 8.3.19 (semver) Affected: 8.4.* , < 8.4.5 (semver)

Credits

Jakub Zelenka

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1736",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-31T12:57:12.660404Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-31T12:57:22.517Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:57:10.963Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250523-0006/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThan": "8.1.32",
              "status": "affected",
              "version": "8.1.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.2.28",
              "status": "affected",
              "version": "8.2.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.3.19",
              "status": "affected",
              "version": "8.3.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.4.5",
              "status": "affected",
              "version": "8.4.*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jakub Zelenka"
        }
      ],
      "datePublic": "2025-03-23T17:43:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.\u0026nbsp;"
            }
          ],
          "value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-33",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-33 HTTP Request Smuggling"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-30T05:49:14.551Z",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "url": "https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528"
        }
      ],
      "source": {
        "advisory": "https://github.com/php/php-src/security/advisories/GHSA-hgf5-96f",
        "discovery": "INTERNAL"
      },
      "title": "Stream HTTP wrapper header check might omit basic auth header",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2025-1736",
    "datePublished": "2025-03-30T05:49:14.551Z",
    "dateReserved": "2025-02-27T04:07:07.942Z",
    "dateUpdated": "2025-11-03T20:57:10.963Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-1861 (GCVE-0-2025-1861)

Vulnerability from cvelistv5 – Published: 2025-03-30 05:57 – Updated: 2025-11-03 20:57

Title

Stream HTTP wrapper truncates redirect location to 1024 bytes

Summary

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.

Severity ?

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-131 - Incorrect Calculation of Buffer Size

Assigner

php

References

URL

Tags

https://github.com/php/php-src/security/advisorie…

Impacted products

	Vendor	Product	Version
	PHP Group	PHP	Affected: 8.1.* , < 8.1.32 (semver) Affected: 8.2.* , < 8.2.28 (semver) Affected: 8.3.* , < 8.3.19 (semver) Affected: 8.4.* , < 8.4.5 (semver)

Credits

Jakub Zelenka

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1861",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-31T12:55:53.101020Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-31T12:56:00.966Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:57:13.769Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250523-0005/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThan": "8.1.32",
              "status": "affected",
              "version": "8.1.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.2.28",
              "status": "affected",
              "version": "8.2.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.3.19",
              "status": "affected",
              "version": "8.3.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.4.5",
              "status": "affected",
              "version": "8.4.*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jakub Zelenka"
        }
      ],
      "datePublic": "2025-03-23T17:44:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-220",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-220 Client-Server Protocol Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131 Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-30T05:57:57.894Z",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "url": "https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff"
        }
      ],
      "source": {
        "advisory": "https://github.com/php/php-src/security/advisories/GHSA-52jp-hrp",
        "discovery": "INTERNAL"
      },
      "title": "Stream HTTP wrapper truncates redirect location to 1024 bytes",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2025-1861",
    "datePublished": "2025-03-30T05:57:57.894Z",
    "dateReserved": "2025-03-03T04:47:51.192Z",
    "dateUpdated": "2025-11-03T20:57:13.769Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-1219 (GCVE-0-2025-1219)

Vulnerability from cvelistv5 – Published: 2025-03-30 05:33 – Updated: 2025-11-03 20:57

Title

libxml streams use wrong content-type header when requesting a redirected resource

Summary

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.

Severity ?

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-1116 - Inaccurate Comments

Assigner

php

References

URL

Tags

https://github.com/php/php-src/security/advisorie…

Impacted products

	Vendor	Product	Version
	PHP Group	PHP	Affected: 8.1.* , < 8.1.32 (semver) Affected: 8.2.* , < 8.2.28 (semver) Affected: 8.3.* , < 8.3.19 (semver) Affected: 8.4.* , < 8.4.5 (semver)

Credits

Tim Düsterhus

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1219",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-31T13:10:21.300276Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1116",
                "description": "CWE-1116 Inaccurate Comments",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-31T13:10:25.062Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:57:06.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250523-0007/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThan": "8.1.32",
              "status": "affected",
              "version": "8.1.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.2.28",
              "status": "affected",
              "version": "8.2.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.3.19",
              "status": "affected",
              "version": "8.3.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.4.5",
              "status": "affected",
              "version": "8.4.*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Tim D\u00fcsterhus"
        }
      ],
      "datePublic": "2025-03-13T17:44:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, w\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ehen requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong \u003c/span\u003e\u003ccode\u003econtent-type\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type\u00a0header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-220",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-220 Client-Server Protocol Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-30T05:33:13.801Z",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "url": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc"
        }
      ],
      "source": {
        "advisory": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7",
        "discovery": "INTERNAL"
      },
      "title": "libxml streams use wrong content-type header when requesting a redirected resource",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2025-1219",
    "datePublished": "2025-03-30T05:33:13.801Z",
    "dateReserved": "2025-02-11T04:52:06.072Z",
    "dateUpdated": "2025-11-03T20:57:06.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-1217 (GCVE-0-2025-1217)

Vulnerability from cvelistv5 – Published: 2025-03-29 05:19 – Updated: 2025-11-03 20:57

Title

Header parser of http stream wrapper does not handle folded headers

Summary

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.

Severity ?

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:A

CWE

CWE-20 - Improper Input Validation

Assigner

php

References

URL

Tags

https://github.com/php/php-src/security/advisorie…

Impacted products

	Vendor	Product	Version
	PHP Group	PHP	Affected: 8.1.* , < 8.1.32 (semver) Affected: 8.2.* , < 8.2.28 (semver) Affected: 8.3.* , < 8.3.19 (semver) Affected: 8.4.* , < 8.4.5 (semver)

Credits

Tim Düsterhus

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1217",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-31T13:23:16.683201Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-31T13:23:21.714Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:57:05.208Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250523-0008/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThan": "8.1.32",
              "status": "affected",
              "version": "8.1.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.2.28",
              "status": "affected",
              "version": "8.2.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.3.19",
              "status": "affected",
              "version": "8.3.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.4.5",
              "status": "affected",
              "version": "8.4.*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Tim D\u00fcsterhus"
        }
      ],
      "datePublic": "2025-03-13T17:43:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.\u0026nbsp;\u003c/p\u003e"
            }
          ],
          "value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-273",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-273 HTTP Response Smuggling"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:A",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-30T05:33:06.942Z",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "url": "https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g"
        }
      ],
      "source": {
        "advisory": "https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpv",
        "discovery": "EXTERNAL"
      },
      "title": "Header parser of http stream wrapper does not handle folded headers",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2025-1217",
    "datePublished": "2025-03-29T05:19:33.696Z",
    "dateReserved": "2025-02-11T04:48:36.127Z",
    "dateUpdated": "2025-11-03T20:57:05.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2025:15687

Vulnerability from osv_almalinux

CVE-2024-8929 (GCVE-0-2024-8929)

CVE-2024-11233 (GCVE-0-2024-11233)

CVE-2025-1734 (GCVE-0-2025-1734)

CVE-2024-11234 (GCVE-0-2024-11234)

CVE-2025-1736 (GCVE-0-2025-1736)

CVE-2025-1861 (GCVE-0-2025-1861)

CVE-2025-1219 (GCVE-0-2025-1219)

CVE-2025-1217 (GCVE-0-2025-1217)

Tags

Sightings

Nomenclature