CVEFinder.io

CVE-2025-14178

🔶 medium
Summary

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.

CVSS Score: 6.5 (Medium)
EPSS Score: 0.1 (Exploit Probability)
Published Date: 2025-12-27
First Seen: 2026-01-05
Last Modified: 2026-01-24
CVSS Vector 3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
🔗 References 2

📦 Affected Products 5

🔗 Related CVEs 6

| CVE ID | Severity | CVSS | EPSS | Summary | Published |
|---|---|---|---|---|---|
| CVE-2025-14177 | ⚠️ high | 7.5 | 0.0 | In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, ... | 2025-12-27 |
| CVE-2025-14180 | ⚠️ high | 7.5 | 0.0 | In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 w... | 2025-12-27 |
| CVE-2025-6491 | 🔶 medium | 5.9 | 0.1 | In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data... | 2025-07-13 |
| CVE-2025-1220 | ℹ️ low | 3.7 | 0.0 | In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like f... | 2025-07-13 |
| CVE-2025-1735 | 🔶 medium | 5.9 | 0.1 | In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functi... | 2025-07-13 |
| CVE-2024-11235 | ⚠️ high | 8.1 | 1.5 | In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator a... | 2025-04-04 |

These CVEs affect the same products