rpm package
opensuse/php8&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/php8&distro=openSUSE%20Tumbleweed
Vulnerabilities (150)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-7263 | Hig | 7.5 | < 8.5.6-1.1 | 8.5.6-1.1 | May 10, 2026 | In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite | |
| CVE-2026-6104 | Cri | 9.1 | < 8.5.6-1.1 | 8.5.6-1.1 | May 10, 2026 | In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, the code incorrectly assumes that when strncasecmp() returns 0 it means the strings have the same le | |
| CVE-2026-7568 | Hig | 7.5 | < 8.5.6-1.1 | 8.5.6-1.1 | May 10, 2026 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 byte | |
| CVE-2026-7262 | Hig | 7.5 | < 8.5.6-1.1 | 8.5.6-1.1 | May 10, 2026 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereference | |
| CVE-2026-7261 | Cri | 9.8 | < 8.5.6-1.1 | 8.5.6-1.1 | May 10, 2026 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in a | |
| CVE-2026-7259 | Med | 6.5 | < 8.5.6-1.1 | 8.5.6-1.1 | May 10, 2026 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is explo | |
| CVE-2026-7258 | Hig | 7.5 | < 8.5.6-1.1 | 8.5.6-1.1 | May 10, 2026 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On the systems with default signed char and optimized table-lookup ctype functions | |
| CVE-2026-6735 | Med | 6.1 | < 8.5.6-1.1 | 8.5.6-1.1 | May 10, 2026 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code (XSS) on the target's machine when | |
| CVE-2026-6722 | Cri | 9.8 | < 8.5.6-1.1 | 8.5.6-1.1 | May 10, 2026 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains | |
| CVE-2025-14179 | Cri | 9.8 | < 8.5.6-1.1 | 8.5.6-1.1 | May 10, 2026 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via str | |
| CVE-2026-44928 | Low | 2.9 | < 8.5.7-1.1 | 8.5.7-1.1 | May 8, 2026 | In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal. | |
| CVE-2026-44927 | Low | 2.9 | < 8.5.7-1.1 | 8.5.7-1.1 | May 8, 2026 | In uriparser before 1.0.2, there is pointer difference truncation to int in various places. | |
| CVE-2026-42371 | Med | 5.1 | < 8.5.6-1.1 | 8.5.6-1.1 | Apr 27, 2026 | uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. | |
| CVE-2025-14177 | — | < 8.4.16-1.1 | 8.4.16-1.1 | Dec 27, 2025 | In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://fi | ||
| CVE-2025-14178 | — | < 8.4.16-1.1 | 8.4.16-1.1 | Dec 27, 2025 | In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in | ||
| CVE-2025-14180 | — | < 8.4.16-1.1 | 8.4.16-1.1 | Dec 27, 2025 | In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may | ||
| CVE-2025-67899 | Low | 2.9 | < 8.5.5-1.1 | 8.5.5-1.1 | Dec 14, 2025 | uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas. | |
| CVE-2025-1735 | — | < 8.4.10-1.1 | 8.4.10-1.1 | Jul 13, 2025 | In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid. | ||
| CVE-2025-1220 | — | < 8.4.10-1.1 | 8.4.10-1.1 | Jul 13, 2025 | In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in | ||
| CVE-2025-6491 | — | < 8.4.10-1.1 | 8.4.10-1.1 | Jul 13, 2025 | In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the |
- affected < 8.5.6-1.1fixed 8.5.6-1.1
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite
- affected < 8.5.6-1.1fixed 8.5.6-1.1
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, the code incorrectly assumes that when strncasecmp() returns 0 it means the strings have the same le
- affected < 8.5.6-1.1fixed 8.5.6-1.1
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 byte
- affected < 8.5.6-1.1fixed 8.5.6-1.1
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereference
- affected < 8.5.6-1.1fixed 8.5.6-1.1
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in a
- affected < 8.5.6-1.1fixed 8.5.6-1.1
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is explo
- affected < 8.5.6-1.1fixed 8.5.6-1.1
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On the systems with default signed char and optimized table-lookup ctype functions
- affected < 8.5.6-1.1fixed 8.5.6-1.1
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code (XSS) on the target's machine when
- affected < 8.5.6-1.1fixed 8.5.6-1.1
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains
- affected < 8.5.6-1.1fixed 8.5.6-1.1
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via str
- affected < 8.5.7-1.1fixed 8.5.7-1.1
In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal.
- affected < 8.5.7-1.1fixed 8.5.7-1.1
In uriparser before 1.0.2, there is pointer difference truncation to int in various places.
- affected < 8.5.6-1.1fixed 8.5.6-1.1
uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes.
- CVE-2025-14177Dec 27, 2025affected < 8.4.16-1.1fixed 8.4.16-1.1
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://fi
- CVE-2025-14178Dec 27, 2025affected < 8.4.16-1.1fixed 8.4.16-1.1
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in
- CVE-2025-14180Dec 27, 2025affected < 8.4.16-1.1fixed 8.4.16-1.1
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may
- affected < 8.5.5-1.1fixed 8.5.5-1.1
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.
- CVE-2025-1735Jul 13, 2025affected < 8.4.10-1.1fixed 8.4.10-1.1
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.
- CVE-2025-1220Jul 13, 2025affected < 8.4.10-1.1fixed 8.4.10-1.1
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in
- CVE-2025-6491Jul 13, 2025affected < 8.4.10-1.1fixed 8.4.10-1.1
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the
Page 1 of 8