VYPR
Moderate severityNVD Advisory· Published Oct 22, 2014· Updated Jun 17, 2026

CVE-2014-8088

CVE-2014-8088

Description

The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
zendframework/zendframeworkPackagist
>= 2.0.0, < 2.0.992.0.99
zendframework/zendframeworkPackagist
>= 2.1.0, < 2.1.992.1.99
zendframework/zendframeworkPackagist
>= 2.2.0, < 2.2.82.2.8
zendframework/zendframeworkPackagist
>= 2.3.0, < 2.3.32.3.3
zendframework/zendframework1Packagist
>= 1.12.0, < 1.12.91.12.9

Affected products

23
  • Zend/Framework21 versions
    cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*+ 20 more
    • cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*range: <=1.12.7
    • cpe:2.3:a:zend:zend_framework:1.12.0:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:1.12.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:1.12.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:1.12.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:1.12.0:rc4:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:1.12.1:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:1.12.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:1.12.3:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:1.12.5:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.01:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:zend:zend_framework:2.3.2:*:*:*:*:*:*:*
  • ghsa-coords2 versions
    >= 2.0.0, < 2.0.99+ 1 more
    • (no CPE)range: >= 2.0.0, < 2.0.99
    • (no CPE)range: >= 1.12.0, < 1.12.9

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.