CVE-2025-1220 Information

Jul 14, 2025 cve

Description

In PHP versions:8.1. before 8.1.33 8.2. before 8.2.29 8.3. before 8.3.23 8.4. before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way thus opening way to security problems if the user code implements access checks before access using such functions.

Reference

https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r In PHP versions:8.1.* before 8.1.33 8.2.* before 8.2.29 8.3.* before 8.3.23 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way thus opening way to security problems if the user code implements access checks before access using such functions.

CNNVD-202507-1798 (Published: 2025-07-13)

Share on:

CVE-2025-1220 Information

Description

Reference

Related CNNVD