Vulnerability Details
Basic Information
| Title | (RHSA-2025:4263) Moderate: php:8.1 security update |
|---|---|
| Type | redhat |
| Published | 2025-04-28T15:01:53 |
| Last Seen | 2025-04-28T17:22:35 |
| CVSS Score | 8.2 (HIGH) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2024-11233, CVE-2024-11234, CVE-2024-8929, CVE-2025-1217, CVE-2025-1219, CVE-2025-1734, CVE-2025-1736, CVE-2025-1861 |
|---|---|
| CWE | (CWE-125|CWE-200) |
| Bulletin Family | unix |
Description
Security Fix(es):
* php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929)
* php: Single byte overread with convert.quoted-printable-decode filter (CVE-2024-11233)
* php: Configuring a proxy in a stream context might allow for CRLF injection in URIs (CVE-2024-11234)
* php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217)
* php: Stream HTTP wrapper header check might omit basic auth header (CVE-2025-1736)
* php: Streams HTTP wrapper does not fail for headers with invalid name and no colon (CVE-2025-1734)
* php: libxml streams use wrong content-type header when requesting a redirected resource (CVE-2025-1219)
* php: Stream HTTP wrapper truncates redirect location to 1024 bytes (CVE-2025-1861)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Impact Assessment
| Base Score | 8.2 |
|---|---|
| Severity | HIGH |