ALT Linux Team

Branch c10f2 update on 2024-12-04

2024-12-04

ALT-BU-2024-16486-2

Branch c10f2 update bulletin.

ALT-PU-2024-16271-3

Package php8.2 updated to version 8.2.26-alt1 for branch c10f2 in task 363527.

Closed vulnerabilities

Published: 2024-11-20
Modified: 2025-05-06

BDU:2024-09951

Уязвимость компонентов dblib и firebird интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2024-12-02
Modified: 2025-12-26

BDU:2024-10540

Уязвимость фильтра convert.quoted-printable-decode интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.8)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Severity: MEDIUM (4.0)Vector: AV:N/AC:H/Au:N/C:P/I:N/A:P
References:
Published: 2024-12-02
Modified: 2025-04-29

BDU:2024-10555

Уязвимость конфигурации request_fulluri интерпретатора языка программирования PHP, позволяющая нарушителю отправить скрытый HTTP-запрос (атака типа HTTP Request Smuggling)

Severity: MEDIUM (4.8)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM (4.0)Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
References:
Published: 2024-12-02
Modified: 2025-12-26

BDU:2024-10563

Уязвимость функции static enum_func_status php_mysqlnd_rset_field_read() интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.8)Vector: AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Severity: MEDIUM (4.3)Vector: AV:A/AC:H/Au:S/C:C/I:N/A:N
References:
Published: 2024-12-02
Modified: 2025-05-06

BDU:2024-10571

Уязвимость функции ldap_escape() интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-03-18
Modified: 2025-10-29

BDU:2025-02835

Уязвимость интерпретатора языка программирования PHP, связанная с ошибкой числового усечения, позволяющая нарушителю перенаправить пользователя на произвольный URL-адрес или вызвать отказ в обслуживании

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
Published: 2024-11-24
Modified: 2025-11-03

CVE-2024-11233

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

Severity: HIGH (8.2)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
References:
Published: 2024-11-24
Modified: 2025-11-03

CVE-2024-11234

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.

Severity: HIGH (7.2)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
References:
Published: 2024-11-24
Modified: 2025-11-03

CVE-2024-11236

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2024-11-22
Modified: 2025-11-03

CVE-2024-8929

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.

Severity: MEDIUM (5.8)Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2024-11-22
Modified: 2025-11-03

CVE-2024-8932

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2025-03-30
Modified: 2025-11-03

CVE-2025-1861

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM (6.3)Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References:

ALT-PU-2024-16275-4

Package php8.1 updated to version 8.1.31-alt1 for branch c10f2 in task 363529.

Closed vulnerabilities

Published: 2024-11-20
Modified: 2025-05-06

BDU:2024-09951

Уязвимость компонентов dblib и firebird интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2024-12-02
Modified: 2025-12-26

BDU:2024-10540

Уязвимость фильтра convert.quoted-printable-decode интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.8)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Severity: MEDIUM (4.0)Vector: AV:N/AC:H/Au:N/C:P/I:N/A:P
References:
Published: 2024-12-02
Modified: 2025-04-29

BDU:2024-10555

Уязвимость конфигурации request_fulluri интерпретатора языка программирования PHP, позволяющая нарушителю отправить скрытый HTTP-запрос (атака типа HTTP Request Smuggling)

Severity: MEDIUM (4.8)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM (4.0)Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
References:
Published: 2024-12-02
Modified: 2025-12-26

BDU:2024-10563

Уязвимость функции static enum_func_status php_mysqlnd_rset_field_read() интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.8)Vector: AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Severity: MEDIUM (4.3)Vector: AV:A/AC:H/Au:S/C:C/I:N/A:N
References:
Published: 2024-12-02
Modified: 2025-05-06

BDU:2024-10571

Уязвимость функции ldap_escape() интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-03-18
Modified: 2025-10-29

BDU:2025-02835

Уязвимость интерпретатора языка программирования PHP, связанная с ошибкой числового усечения, позволяющая нарушителю перенаправить пользователя на произвольный URL-адрес или вызвать отказ в обслуживании

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
Published: 2024-11-24
Modified: 2025-11-03

CVE-2024-11233

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

Severity: HIGH (8.2)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
References:
Published: 2024-11-24
Modified: 2025-11-03

CVE-2024-11234

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.

Severity: HIGH (7.2)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
References:
Published: 2024-11-24
Modified: 2025-11-03

CVE-2024-11236

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2024-11-22
Modified: 2025-11-03

CVE-2024-8929

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.

Severity: MEDIUM (5.8)Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2024-11-22
Modified: 2025-11-03

CVE-2024-8932

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2025-03-30
Modified: 2025-11-03

CVE-2025-1861

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM (6.3)Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References:

ALT-PU-2024-17998-1

Package php8.1-soap updated to version 8.1.31-alt1 for branch c10f2 in task 363529.

Closed vulnerabilities

Published: 2024-11-20
Modified: 2025-05-06

BDU:2024-09951

Уязвимость компонентов dblib и firebird интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2024-12-02
Modified: 2025-12-26

BDU:2024-10540

Уязвимость фильтра convert.quoted-printable-decode интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.8)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Severity: MEDIUM (4.0)Vector: AV:N/AC:H/Au:N/C:P/I:N/A:P
References:
Published: 2024-12-02
Modified: 2025-04-29

BDU:2024-10555

Уязвимость конфигурации request_fulluri интерпретатора языка программирования PHP, позволяющая нарушителю отправить скрытый HTTP-запрос (атака типа HTTP Request Smuggling)

Severity: MEDIUM (4.8)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM (4.0)Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
References:
Published: 2024-12-02
Modified: 2025-12-26

BDU:2024-10563

Уязвимость функции static enum_func_status php_mysqlnd_rset_field_read() интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.8)Vector: AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Severity: MEDIUM (4.3)Vector: AV:A/AC:H/Au:S/C:C/I:N/A:N
References:
Published: 2024-12-02
Modified: 2025-05-06

BDU:2024-10571

Уязвимость функции ldap_escape() интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-03-18
Modified: 2025-10-29

BDU:2025-02835

Уязвимость интерпретатора языка программирования PHP, связанная с ошибкой числового усечения, позволяющая нарушителю перенаправить пользователя на произвольный URL-адрес или вызвать отказ в обслуживании

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
Published: 2024-11-24
Modified: 2025-11-03

CVE-2024-11233

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

Severity: HIGH (8.2)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
References:
Published: 2024-11-24
Modified: 2025-11-03

CVE-2024-11234

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.

Severity: HIGH (7.2)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
References:
Published: 2024-11-24
Modified: 2025-11-03

CVE-2024-11236

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2024-11-22
Modified: 2025-11-03

CVE-2024-8929

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.

Severity: MEDIUM (5.8)Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2024-11-22
Modified: 2025-11-03

CVE-2024-8932

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2025-03-30
Modified: 2025-11-03

CVE-2025-1861

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM (6.3)Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References:

ALT-PU-2024-18002-1

Package php8.2-soap updated to version 8.2.26-alt1 for branch c10f2 in task 363527.

Closed vulnerabilities

Published: 2024-11-20
Modified: 2025-05-06

BDU:2024-09951

Уязвимость компонентов dblib и firebird интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2024-12-02
Modified: 2025-12-26

BDU:2024-10540

Уязвимость фильтра convert.quoted-printable-decode интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.8)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Severity: MEDIUM (4.0)Vector: AV:N/AC:H/Au:N/C:P/I:N/A:P
References:
Published: 2024-12-02
Modified: 2025-04-29

BDU:2024-10555

Уязвимость конфигурации request_fulluri интерпретатора языка программирования PHP, позволяющая нарушителю отправить скрытый HTTP-запрос (атака типа HTTP Request Smuggling)

Severity: MEDIUM (4.8)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM (4.0)Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
References:
Published: 2024-12-02
Modified: 2025-12-26

BDU:2024-10563

Уязвимость функции static enum_func_status php_mysqlnd_rset_field_read() интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.8)Vector: AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Severity: MEDIUM (4.3)Vector: AV:A/AC:H/Au:S/C:C/I:N/A:N
References:
Published: 2024-12-02
Modified: 2025-05-06

BDU:2024-10571

Уязвимость функции ldap_escape() интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-03-18
Modified: 2025-10-29

BDU:2025-02835

Уязвимость интерпретатора языка программирования PHP, связанная с ошибкой числового усечения, позволяющая нарушителю перенаправить пользователя на произвольный URL-адрес или вызвать отказ в обслуживании

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
Published: 2024-11-24
Modified: 2025-11-03

CVE-2024-11233

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

Severity: HIGH (8.2)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
References:
Published: 2024-11-24
Modified: 2025-11-03

CVE-2024-11234

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.

Severity: HIGH (7.2)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
References:
Published: 2024-11-24
Modified: 2025-11-03

CVE-2024-11236

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2024-11-22
Modified: 2025-11-03

CVE-2024-8929

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.

Severity: MEDIUM (5.8)Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2024-11-22
Modified: 2025-11-03

CVE-2024-8932

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2025-03-30
Modified: 2025-11-03

CVE-2025-1861

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM (6.3)Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top