CNNVD-202512-4841 Information
Dec 27, 2025
cve
CNNVD ID
CNNVD-202512-4841
Related CVE
- CNNVD Published: 2025-12-27
Description (Chinese)
PHP是PHP开源的一种在服务器端执行的脚本语言。 PHP 8.1.34之前版本、8.2.30之前版本、8.3.29之前版本、8.4.16之前版本和8.5.1之前版本存在安全漏洞,该漏洞源于array_merge函数中存在堆缓冲区溢出,可能导致内存损坏或崩溃。
Description (English)
PHP is a script language executed at the server end by the PHP open source. PHP 8.1.34, 8.2.30, 8.3.29, 8.4.16 and 8.5.1 have a security loophole, which stems from the spilling of a pile of buffer zones in the array merge function, which may lead to memory damage or collapse.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Pi-hole
Published
2025-12-27
Last Modified
2026-02-24
References
https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14178
Patch
https://www.php.net/downloads.php
Share on: