php -- Multiple vulnerabilities
Details
| VuXML ID |
2ac2ddc2-0051-11f0-8673-f02f7432cf97 |
| Discovery |
2025-03-13 |
| Entry |
2025-03-13 |
php.net reports:
-
CVE-2024-11235: Core: Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free).
-
CVE-2025-1219: LibXML: Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource).
-
CVE-2025-1736: Streams: Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header).
-
CVE-2025-1861: Streams: Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes).
-
CVE-2025-1734: Streams: Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon).
-
CVE-2025-1217: Streams: Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers).
References
| CVE Name |
CVE-2024-11235 |
| CVE Name |
CVE-2025-1217 |
| CVE Name |
CVE-2025-1219 |
| CVE Name |
CVE-2025-1734 |
| CVE Name |
CVE-2025-1736 |
| CVE Name |
CVE-2025-1861 |
| URL |
https://www.php.net/ChangeLog-8.php |
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright
information.