CVE-2025-1220

Low CVSS: 3.7

In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions.

Vendor

Php

Product

Php

CWE

CWE-918

Yayın Tarihi

2025-07-13 23:15:22

Güncelleme

2025-11-04 22:16:06

Source Identifier

security@php.net

KEV Date Added

Kategoriler

CWE-918 Php LOW Php 2025

Referanslar

https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r http://www.openwall.com/lists/oss-security/2025/07/11/4 https://lists.debian.org/debian-lts-announce/2025/07/msg00017.html https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r

Benzer Kayıtlar

High

CVE-2026-24894

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSIO…

High

CVE-2026-24895

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly han…

Medium

CVE-2025-14177

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1,…

Medium

CVE-2025-14178

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1,…

High

CVE-2025-14180

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 w…

Medium

CVE-2025-1735

In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functi…