CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1217 – Header parser of http stream wrapper does not handle folded headers
https://notcve.org/view.php?id=CVE-2025-1217
17 Mar 2025 — In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc. It was discovered that PHP incorrectly handle certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. It was discovered that PHP incorrectly handle certai... • https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g • CWE-20: Improper Input Validation •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1219 – libxml streams use wrong content-type header when requesting a redirected resource
https://notcve.org/view.php?id=CVE-2025-1219
17 Mar 2025 — In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations. In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP ... • https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc • CWE-1116: Inaccurate Comments •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1734 – Streams HTTP wrapper does not fail for headers with invalid name and no colon
https://notcve.org/view.php?id=CVE-2025-1734
17 Mar 2025 — In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers. It was discovered that PHP incorrectly handle certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. It was discovered that PHP incorrectly handle certain folded hea... • https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1736 – Stream HTTP wrapper header check might omit basic auth header
https://notcve.org/view.php?id=CVE-2025-1736
17 Mar 2025 — In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted. It was discovered that PHP incorrectly handle certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. It was discovered that PHP incorrectly handle certain folded headers.... • https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1861 – Stream HTTP wrapper truncates redirect location to 1024 bytes
https://notcve.org/view.php?id=CVE-2025-1861
17 Mar 2025 — In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location. It was discovered that PHP incorrectly handle certain inputs. An attacker could possibly use... • https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 9.3EPSS: 4%CPEs: 85EXPL: 0CVE-2006-3017
https://notcve.org/view.php?id=CVE-2006-3017
14 Jun 2006 — zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U •