Moderate severity · NVD Advisory · Published Oct 22, 2014 · Updated Jun 17, 2026
CVE-2014-8088
Description
The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allow remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| zendframework/zendframework (Packagist) | >= 2.0.0, < 2.0.99 | 2.0.99 |
| zendframework/zendframework (Packagist) | >= 2.1.0, < 2.1.99 | 2.1.99 |
| zendframework/zendframework (Packagist) | >= 2.2.0, < 2.2.8 | 2.2.8 |
| zendframework/zendframework (Packagist) | >= 2.3.0, < 2.3.3 | 2.3.3 |
| zendframework/zendframework1 (Packagist) | >= 1.12.0, < 1.12.9 | 1.12.9 |
Affected products
- cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:* (range: <=1.12.7)
- cpe:2.3:a:zend:zend_framework:1.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:1.12.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:1.12.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:1.12.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:1.12.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:1.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:1.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:1.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:1.12.5:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.01:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.3.2:*:*:*:*:*:*:*
- ghsa-coords (2 versions)
- (no CPE) range: >= 2.0.0, < 2.0.99
- (no CPE) range: >= 1.12.0, < 1.12.9
References
- github.com/advisories/GHSA-f6rc-rh43-h8gr (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2014-8088 (ghsa, ADVISORY)
- lists.fedoraproject.org/pipermail/package-announce/2014-October/141070.html (nvd, WEB)
- lists.fedoraproject.org/pipermail/package-announce/2014-October/141106.html (nvd, WEB)
- www.debian.org/security/2015/dsa-3265 (nvd, WEB)
- www.openwall.com/lists/oss-security/2014/10/10/5 (nvd, WEB)
- www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html (nvd, WEB)
- www.securityfocus.com/bid/70378 (nvd, WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/97038 (nvd, WEB)
- framework.zend.com/security/advisory/ZF2014-05 (ghsa, WEB)
- github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2014-8088.yaml (ghsa, WEB)
- github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2014-8088.yaml (ghsa, WEB)
- github.com/zendframework/zendframework/commit/a4222a6c1dc809f0f32fdafcd1ac4d583a075f2f (ghsa, WEB)