{"error":0,"message":null,"data":{"php":"8.2","name":"PHP 8.2","status":"s","date_start":"2022-12-08","date_end":"2026-12-31","vulnerability":[{"uuid":"24f53b6f5e4f56b78c45cd99b73255b5d8f552a1ef5ee77d4384352f59118f9b","name":"PHP 8.2 < 8.2.9","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.9","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2023-3824","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-3824","description":"[en] In PHP version 8.0.* before 8.0.30,\u00a0 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.\u00a0","date":"2023-08-11"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:L","score":"9.4","severity":"critical","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"high","i":"high","a":"low","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-119","name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","description":"The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data."}]}},{"uuid":"9fd8cf0535d3c00c38acb5fed6c9e1bedce12cbbd2648c187e32ebb0ccdbd37b","name":"PHP 8.2 < 8.2.9","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.9","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2023-3823","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-3823","description":"[en] In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as\u00a0ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.\u00a0","date":"2023-08-11"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:L\/A:L","score":"8.6","severity":"high","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"high","i":"low","a":"low","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-611","name":"Improper Restriction of XML External Entity Reference","description":"The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output."}]}},{"uuid":"58eb85a6ce99f8e9302bbee68218fba614e85eba347b965ef6ba0ee60045e8d5","name":"PHP 8.2 < 8.2.7","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.7","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2023-3247","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-3247","description":"[en] In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.\u00a0","date":"2023-07-22"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:L\/UI:R\/S:U\/C:L\/I:N\/A:N","score":"2.6","severity":"low","av":"network","ac":"high","pr":"low","ui":"required","s":"unchanged","c":"low","i":"none","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-252","name":"Unchecked Return Value","description":"The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions."},{"cwe":"CWE-330","name":"Use of Insufficiently Random Values","description":"The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers."},{"cwe":"CWE-334","name":"Small Space of Random Values","description":"The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks."}]}},{"uuid":"e668b8d27bf50201f643ac699ec1cd56ae188427aeed902adcc3da43b05dbd4d","name":"PHP 8.2 < 8.2.3","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.3","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2023-0662","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-0662","description":"[en] In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.\u00a0","date":"2023-02-16"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","score":"7.5","severity":"high","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"none","i":"none","a":"high","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-400","name":"Uncontrolled Resource Consumption","description":"The product does not properly control the allocation and maintenance of a limited resource."},{"cwe":"CWE-779","name":"Logging of Excessive Data","description":"The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack."}]}},{"uuid":"107791b5286d55acd2a3fcea26e23e50c87c9380aebbc5fccab7f33abc59d64e","name":"PHP 8.2 < 8.2.3","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.3","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2023-0568","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-0568","description":"[en] In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.\u00a0","date":"2023-02-16"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H","score":"7.5","severity":"high","av":"network","ac":"high","pr":"none","ui":"required","s":"unchanged","c":"high","i":"high","a":"high","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-131","name":"Incorrect Calculation of Buffer Size","description":"The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow."},{"cwe":"CWE-770","name":"Allocation of Resources Without Limits or Throttling","description":"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated."}]}},{"uuid":"a2242fe77975693d33f09cf1bb9fdc9fd23f779b45eab8bcb60910a310bb06f3","name":"PHP 8.2 < 8.2.3","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.3","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2023-0567","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-0567","description":"[en] In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.\u00a0","date":"2023-02-16"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:L\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:N","score":"7.7","severity":"high","av":"local","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"high","i":"high","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-328","name":"Use of Weak Hash","description":"The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack)."},{"cwe":"CWE-916","name":"Use of Password Hash With Insufficient Computational Effort","description":"The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive."}]}},{"uuid":"98a5ea4446d2cefa09a154d2ab9b47a993a1f500b95a8128d5db8b433518b5b7","name":"PHP 8.2 < 8.2.0","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.0","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2022-37454","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2022-37454","description":"[en] The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.","date":"2022-10-21"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","score":"9.8","severity":"critical","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"high","i":"high","a":"high","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-190","name":"Integer Overflow or Wraparound","description":"The product performs a calculation that can\n         produce an integer overflow or wraparound when the logic\n         assumes that the resulting value will always be larger than\n         the original value. This occurs when an integer value is\n         incremented to a value that is too large to store in the\n         associated representation. When this occurs, the value may\n         become a very small or negative number."},{"cwe":"CWE-680","name":"Integer Overflow to Buffer Overflow","description":"The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow."}]}},{"uuid":"03702e81ba01e3ea6de3a18a69479f9e40b9e8aeb5b325dfdf38041ef8a01b67","name":"PHP 8.2 < 8.2.1","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.1","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2022-31631","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2022-31631","description":"[en] In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.","date":"2025-02-12"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:N","score":"9.1","severity":"critical","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"high","i":"high","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-190","name":"Integer Overflow or Wraparound","description":"The product performs a calculation that can\n         produce an integer overflow or wraparound when the logic\n         assumes that the resulting value will always be larger than\n         the original value. This occurs when an integer value is\n         incremented to a value that is too large to store in the\n         associated representation. When this occurs, the value may\n         become a very small or negative number."},{"cwe":"CWE-74","name":"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","description":"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component."}]}},{"uuid":"d6db64fd34c3defa0c3312805151e0c77e97a13f9c8cf7ba7b976e6c1de8da27","name":"PHP 8.2 < 8.2.20","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.20","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2024-4577","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-4577","description":"[en] In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use \"Best-Fit\" behavior to replace characters in command line given to\u00a0Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.","date":"2024-06-09"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","score":"9.8","severity":"critical","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"high","i":"high","a":"high","exploitable":null,"impact":null},"kev":true,"cwe":[{"cwe":"CWE-78","name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","description":"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component."}]}},{"uuid":"df9f21125a56b0d7b5aa32d2fc1a99553ab302f570b9c66287d2f7ba14eddd14","name":"PHP 8.2 < 8.2.20","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.20","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2024-5585","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-5585","description":"[en] In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for\u00a0CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue:\u00a0when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.","date":"2024-06-09"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:L","score":"7.7","severity":"high","av":"network","ac":"high","pr":"none","ui":"none","s":"unchanged","c":"high","i":"high","a":"low","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-116","name":"Improper Encoding or Escaping of Output","description":"The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved."},{"cwe":"CWE-78","name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","description":"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component."}]}},{"uuid":"e780aeab886ffbf2d101a498a81e0ed90f7ffffa8c96f1d68190cdddb6924881","name":"PHP 8.2 < 8.2.20","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.20","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2024-2408","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-2408","description":"[en] The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request:  https:\/\/github.com\/openssl\/openssl\/pull\/13817  (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable.\n\nPHP Windows builds for the versions\u00a08.1.29,\u00a08.2.20 and\u00a08.3.8 and above include OpenSSL patches that fix the vulnerability.","date":"2024-06-09"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N","score":"5.9","severity":"medium","av":"network","ac":"high","pr":"none","ui":"none","s":"unchanged","c":"high","i":"none","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-203","name":"Observable Discrepancy","description":"The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not."},{"cwe":"CWE-208","name":"Observable Timing Discrepancy","description":"Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not."},{"cwe":"CWE-327","name":"Use of a Broken or Risky Cryptographic Algorithm","description":"The product uses a broken or risky cryptographic algorithm or protocol."},{"cwe":"CWE-385","name":"Covert Timing Channel","description":"Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information."}]}},{"uuid":"1f1c44d6882f6aba8d4925c5f6e61b8f7f23b7dba3ebfc7e4d70093f241b8d14","name":"PHP 8.2 < 8.2.20","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.20","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2024-5458","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-5458","description":"[en] In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs\u00a0(FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.","date":"2024-06-09"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N","score":"5.3","severity":"medium","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"none","i":"low","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-20","name":"Improper Input Validation","description":"The product receives input or data, but it does\n        not validate or incorrectly validates that the input has the\n        properties that are required to process the data safely and\n        correctly."},{"cwe":"CWE-345","name":"Insufficient Verification of Data Authenticity","description":"The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data."}]}},{"uuid":"18ba0d2dd4a930d0b645ef686af351c1cf9e9ca830e734f44111b807760019a3","name":"PHP 8.2 < 8.2.24","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.24","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2024-8926","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-8926","description":"[en] In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12,\u00a0when using a certain non-standard configurations of Windows codepages, the fixes for\u00a0 CVE-2024-4577 https:\/\/github.com\/advisories\/GHSA-vxpp-6299-mxw3 \u00a0may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This\u00a0may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.","date":"2024-10-08"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","score":"8.1","severity":"high","av":"network","ac":"high","pr":"none","ui":"none","s":"unchanged","c":"high","i":"high","a":"high","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-78","name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","description":"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component."}]}},{"uuid":"9d5468d4308b7b7fb75f369a47f3d686e7bbcf47e7def2b4e70060aa8122d82a","name":"PHP 8.2 < 8.2.24","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.24","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2024-8927","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-8927","description":"[en] In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12,\u00a0HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to\u00a0cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.","date":"2024-10-08"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N","score":"7.5","severity":"high","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"high","i":"none","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-1220","name":"Insufficient Granularity of Access Control","description":"The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and\/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets."}]}},{"uuid":"77e90297ea5f81df7cffaab10d38bb2bfb83a801ebefee8f8ad316519976bf87","name":"PHP 8.2 < 8.2.24","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.24","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2024-8925","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-8925","description":"[en] In PHP versions\u00a08.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.","date":"2024-10-08"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N","score":"3.1","severity":"low","av":"network","ac":"high","pr":"low","ui":"none","s":"unchanged","c":"none","i":"low","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-1286","name":"Improper Validation of Syntactic Correctness of Input","description":"The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax."},{"cwe":"CWE-444","name":"Inconsistent Interpretation of HTTP Requests ('HTTP Request\/Response Smuggling')","description":"The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination."}]}},{"uuid":"90675579ae400f37b3d3924d431e562a6ca8808a9fa28f535ca7757f5d42f645","name":"PHP 8.2 < 8.2.24","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.24","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2024-9026","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-9026","description":"[en] In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is\u00a0configured to catch workers output through catch_workers_output = yes,\u00a0it may be possible to pollute the final log or\u00a0remove up to 4 characters from the log messages by manipulating log message content. Additionally, if\u00a0PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.","date":"2024-10-08"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N","score":"3.3","severity":"low","av":"local","ac":"low","pr":"low","ui":"none","s":"unchanged","c":"none","i":"low","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-117","name":"Improper Output Neutralization for Logs","description":"The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file."},{"cwe":"CWE-158","name":"Improper Neutralization of Null Byte or NUL Character","description":"The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component."}]}},{"uuid":"0d4c97b5106b2433b71503a87ea16ae45c94cb74af41d2a3ccae9c931e0bcb9a","name":"PHP 8.2 < 8.2.26","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.26","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2024-11236","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-11236","description":"[en] In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape()\u00a0function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.","date":"2024-11-24"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","score":"9.8","severity":"critical","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"high","i":"high","a":"high","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-190","name":"Integer Overflow or Wraparound","description":"The product performs a calculation that can\n         produce an integer overflow or wraparound when the logic\n         assumes that the resulting value will always be larger than\n         the original value. This occurs when an integer value is\n         incremented to a value that is too large to store in the\n         associated representation. When this occurs, the value may\n         become a very small or negative number."},{"cwe":"CWE-787","name":"Out-of-bounds Write","description":"The product writes data past the end, or before the beginning, of the intended buffer."}]}},{"uuid":"9f5812bb2110ad4abf02fef1708156f5587e5370e11c0be65ec49fd82c8478ff","name":"PHP 8.2 < 8.2.26","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.26","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2024-11233","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-11233","description":"[en] In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in\u00a0convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.","date":"2024-11-24"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:L","score":"4.8","severity":"medium","av":"network","ac":"high","pr":"none","ui":"none","s":"unchanged","c":"low","i":"none","a":"low","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-122","name":"Heap-based Buffer Overflow","description":"A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc()."},{"cwe":"CWE-787","name":"Out-of-bounds Write","description":"The product writes data past the end, or before the beginning, of the intended buffer."}]}},{"uuid":"8dcd7ce072b0b4091399399c352542de6920304ff263daf6800c8c44b6469298","name":"PHP 8.2 < 8.2.26","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.26","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2024-11234","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-11234","description":"[en] In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and \"request_fulluri\" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.","date":"2024-11-24"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N","score":"4.8","severity":"medium","av":"network","ac":"high","pr":"none","ui":"none","s":"unchanged","c":"low","i":"low","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-20","name":"Improper Input Validation","description":"The product receives input or data, but it does\n        not validate or incorrectly validates that the input has the\n        properties that are required to process the data safely and\n        correctly."},{"cwe":"CWE-74","name":"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","description":"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component."}]}},{"uuid":"8d3cdd97f6bdd00f5715b28a91252854032ef9e1a030f80f487017500bdeeb94","name":"PHP 8.2 < 8.2.28","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.28","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2025-1219","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-1219","description":"CVE-2025-1219","date":"2025-01-01"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N","score":"5.3","severity":"medium","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"none","i":"low","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-1116","name":"Inaccurate Source Code Comments","description":"The source code contains comments that do not accurately\n\t\t\t\t\tdescribe or explain aspects of the portion of the code with which the comment is\n\t\t\t\t\tassociated."},{"cwe":"CWE-20","name":"Improper Input Validation","description":"The product receives input or data, but it does\n        not validate or incorrectly validates that the input has the\n        properties that are required to process the data safely and\n        correctly."}]}},{"uuid":"c75ce81b0b9799dff4f59316903c2e363f9c820f7f5e368599bfdab78e2569dd","name":"PHP 8.2 < 8.2.28","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.28","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2025-1736","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-1736","description":"CVE-2025-1736","date":"2025-01-01"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L","score":"7.3","severity":"high","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"low","i":"low","a":"low","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-20","name":"Improper Input Validation","description":"The product receives input or data, but it does\n        not validate or incorrectly validates that the input has the\n        properties that are required to process the data safely and\n        correctly."}]}},{"uuid":"2f5a635c10867b64fb2f5df4a3baa78012f57c207b1ad012baabbff0ae2e18f9","name":"PHP 8.2 < 8.2.28","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.28","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2025-1861","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-1861","description":"CVE-2025-1861","date":"2025-01-01"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","score":"9.8","severity":"critical","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"high","i":"high","a":"high","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-131","name":"Incorrect Calculation of Buffer Size","description":"The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow."}]}},{"uuid":"d564443016006db71fd1dfd61207f7ebfa398549354d96b1e3290652dc0bd578","name":"PHP 8.2 < 8.2.28","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.28","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2025-1734","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-1734","description":"CVE-2025-1734","date":"2025-01-01"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N","score":"5.3","severity":"medium","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"none","i":"low","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-20","name":"Improper Input Validation","description":"The product receives input or data, but it does\n        not validate or incorrectly validates that the input has the\n        properties that are required to process the data safely and\n        correctly."}]}},{"uuid":"3e807475a7598ac09bd078b302dd5fa5602d7a01fc0316dfe6396c5ca20b43fe","name":"PHP 8.2 < 8.2.28","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.28","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2025-1217","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-1217","description":"CVE-2025-1217","date":"2025-01-01"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N","score":"3.1","severity":"low","av":"network","ac":"high","pr":"low","ui":"none","s":"unchanged","c":"none","i":"low","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-20","name":"Improper Input Validation","description":"The product receives input or data, but it does\n        not validate or incorrectly validates that the input has the\n        properties that are required to process the data safely and\n        correctly."},{"cwe":"CWE-436","name":"Interpretation Conflict","description":"Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state."}]}},{"uuid":"5d1ba3e540dd7d641d0ce349cab9b77f6f5f436ce6b17f7becc850d90a565c7e","name":"PHP 8.2 < 8.2.26","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.26","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2024-8932","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-8932","description":"[en] In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape()\u00a0function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.","date":"2024-11-22"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","score":"9.8","severity":"critical","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"high","i":"high","a":"high","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-787","name":"Out-of-bounds Write","description":"The product writes data past the end, or before the beginning, of the intended buffer."}]}},{"uuid":"6ed119185c3c64d4fff79dd95f5caa81d97fa728f54b441a8d346dc5d849e0e8","name":"PHP 8.2 < 8.2.26","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.26","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2024-8929","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-8929","description":"[en] In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.","date":"2024-11-22"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:A\/AC:H\/PR:L\/UI:N\/S:C\/C:H\/I:N\/A:N","score":"5.8","severity":"medium","av":"adjacent","ac":"high","pr":"low","ui":"none","s":"changed","c":"high","i":"none","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-125","name":"Out-of-bounds Read","description":"The product reads data past the end, or before the beginning, of the intended buffer."},{"cwe":"CWE-200","name":"Exposure of Sensitive Information to an Unauthorized Actor","description":"The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information."}]}},{"uuid":"e1c616f72295614be4c9c029b5294e2a05dde72cefe23f307c51721f63da1cdc","name":"PHP 8.2 < 8.2.20","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.20","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2024-1874","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-1874","description":"[en] In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.\u00a0","date":"2024-04-29"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:L","score":"9.4","severity":"critical","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"high","i":"high","a":"low","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-116","name":"Improper Encoding or Escaping of Output","description":"The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved."},{"cwe":"CWE-78","name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","description":"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component."}]}},{"uuid":"571a4c422d032c48539aa04c06c9afd63dec30e17ba0eb200881260926754982","name":"PHP 8.2 < 8.2.18","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.18","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2024-2756","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-2756","description":"[en] Due to an incomplete fix to  CVE-2022-31629 https:\/\/github.com\/advisories\/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host-\u00a0or __Secure-\u00a0cookie by PHP applications.\u00a0","date":"2024-04-29"}],"impact":[]},{"uuid":"034b14c563a945a215497dff27b1d2bfa0fa28cbd695ce942a6e49901071a327","name":"PHP 8.2 < 8.2.18","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.18","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2024-3096","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-3096","description":"[en] In PHP\u00a0 version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if\u00a0a password stored with password_hash() starts with a null byte (\\x00), testing a blank string as the password via password_verify() will incorrectly return true.","date":"2024-04-29"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:N\/A:N","score":"6.5","severity":"medium","av":"network","ac":"low","pr":"none","ui":"required","s":"unchanged","c":"high","i":"none","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-20","name":"Improper Input Validation","description":"The product receives input or data, but it does\n        not validate or incorrectly validates that the input has the\n        properties that are required to process the data safely and\n        correctly."},{"cwe":"CWE-626","name":"Null Byte Interaction Error (Poison Null Byte)","description":"The product does not properly handle null bytes or NUL characters when passing data between different representations or components."}]}},{"uuid":"07af0810179fc62a521773c9d270a9653010593ec9e5c52ee5f12a1b1edf94ac","name":"PHP 8.2 < 8.2.29","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.29","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2025-1220","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-1220","description":"[en] In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions.","date":"2025-07-13"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","score":"3.7","severity":"low","av":"network","ac":"high","pr":"none","ui":"none","s":"unchanged","c":"low","i":"none","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-918","name":"Server-Side Request Forgery (SSRF)","description":"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination."}]}},{"uuid":"45471dc9b5ce065d772fc85b9e3a1da8084140916c8a86b3d6a0e87b5b8d9ae6","name":"PHP 8.2 < 8.2.30","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.30","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2025-14177","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-14177","description":"[en] In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php:\/\/filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.","date":"2025-12-27"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N","score":"7.5","severity":"high","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"high","i":"none","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-125","name":"Out-of-bounds Read","description":"The product reads data past the end, or before the beginning, of the intended buffer."}]}},{"uuid":"32d81e53714ddbadd301c7ee6dfdaa2ba8aac37e559b8633875a8dd40c255495","name":"PHP 8.2 < 8.2.30","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.30","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2025-14178","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-14178","description":"[en] In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.","date":"2025-12-27"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:H","score":"6.5","severity":"medium","av":"network","ac":"high","pr":"none","ui":"none","s":"unchanged","c":"none","i":"low","a":"high","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-190","name":"Integer Overflow or Wraparound","description":"The product performs a calculation that can\n         produce an integer overflow or wraparound when the logic\n         assumes that the resulting value will always be larger than\n         the original value. This occurs when an integer value is\n         incremented to a value that is too large to store in the\n         associated representation. When this occurs, the value may\n         become a very small or negative number."},{"cwe":"CWE-787","name":"Out-of-bounds Write","description":"The product writes data past the end, or before the beginning, of the intended buffer."}]}},{"uuid":"f209fb943632915e9291cca1760d3a0a6c1d06f2a7d032a26a9659410a18b5e9","name":"PHP 8.2 < 8.2.30","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.30","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2025-14180","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-14180","description":"[en] In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \\x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.","date":"2025-12-27"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","score":"7.5","severity":"high","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"none","i":"none","a":"high","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-476","name":"NULL Pointer Dereference","description":"The product dereferences a pointer that it expects to be valid but is NULL."}]}},{"uuid":"8ae4e38d7fc332eb2a265c8619af8b1904221af11cc80fcf621ab14da9902185","name":"PHP 8.2 < 8.2.29","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.29","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2025-1735","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-1735","description":"In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This\u00a0could cause crashes if Postgres server rejects the string as invalid.","date":"2025-07-05"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","score":"5.9","severity":"medium","av":"network","ac":"high","pr":"none","ui":"none","s":"unchanged","c":"none","i":"none","a":"high","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-476","name":"NULL Pointer Dereference","description":"The product dereferences a pointer that it expects to be valid but is NULL."},{"cwe":"CWE-89","name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","description":"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data."}]}},{"uuid":"c2ee025be500c3ded7de9139765e408cfbfa0650b3998bbaacb6a85b3d695d82","name":"PHP 8.2 < 8.2.29","operator":{"min_version":null,"min_operator":null,"max_version":"8.2.29","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2025-6491","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-6491","description":"In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server.","date":"2025-07-05"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","score":"5.9","severity":"medium","av":"network","ac":"high","pr":"none","ui":"none","s":"unchanged","c":"none","i":"none","a":"high","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-476","name":"NULL Pointer Dereference","description":"The product dereferences a pointer that it expects to be valid but is NULL."}]}}]},"updated":1776421341}