Lucene search
K

Fedora 42 : php (2025-2c344545bf)

šŸ—“ļøĀ 13 Jul 2025Ā 00:00:00Reported byĀ TenableTypeĀ 
nessus
Ā nessus
šŸ”—Ā www.tenable.comšŸ‘Ā 4Ā Views

Fedora 42 PHP version 8.4.10 fixes multiple vulnerabilities across various extensions and components.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2025-2c344545bf
#

include('compat.inc');

if (description)
{
  script_id(242042);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");

  script_cve_id("CVE-2025-1220", "CVE-2025-1735", "CVE-2025-6491");
  script_xref(name:"FEDORA", value:"2025-2c344545bf");
  script_xref(name:"IAVA", value:"2025-A-0497-S");

  script_name(english:"Fedora 42 : php (2025-2c344545bf)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2025-2c344545bf advisory.

    **PHP version 8.4.10** (03 Jul 2025)

    **BcMath:**

    * Fixed bug [GH-18641](https://github.com/php/php-src/issues/18641) (Accessing a BcMath\Number property by
    ref crashes). (nielsdos)

    **Core:**

    * Fixed bugs [GH-17711](https://github.com/php/php-src/issues/17711) and
    [GH-18022](https://github.com/php/php-src/issues/18022) (Infinite recursion on deprecated attribute
    evaluation) and [GH-18464](https://github.com/php/php-src/issues/18464) (Recursion protection for
    deprecation constants not released on bailout). (DanielEScherzer and ilutov)
    * Fixed [GH-18695](https://github.com/php/php-src/issues/18695) (zend_ast_export() - float number is not
    preserved). (Oleg Efimov)
    * Fix handling of references in zval_try_get_long(). (nielsdos)
    * Do not delete main chunk in zend_gc. (danog, Arnaud)
    * Fix compile issues with zend_alloc and some non-default options. (nielsdos)

    **Curl:**

    * Fix memory leak when setting a list via curl_setopt fails. (nielsdos)

    **Date:**

    * Fix leaks with multiple calls to DatePeriod iterator current(). (nielsdos)

    **DOM:**

    * Fixed bug [GH-18744](https://github.com/php/php-src/issues/18744) (classList works not correctly if copy
    HTMLElement by clone keyword). (nielsdos)

    **FPM:**

    * Fixed [GH-18662](https://github.com/php/php-src/issues/18662) (fpm_get_status segfault). (txuna)

    **Hash:**

    * Fixed bug [GH-14551](https://github.com/php/php-src/issues/14551) (PGO build fails with xxhash).
    (nielsdos)

    **Intl:**

    * Fix memory leak in intl_datetime_decompose() on failure. (nielsdos)
    * Fix memory leak in locale lookup on failure. (nielsdos)

    **Opcache:**

    * Fixed bug [GH-18743](https://github.com/php/php-src/issues/18743) (Incompatibility in Inline TLS
    Assembly on Alpine 3.22). (nielsdos, Arnaud)

    **ODBC:**

    * Fix memory leak on php_odbc_fetch_hash() failure. (nielsdos)

    **OpenSSL:**

    * Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure. (nielsdos)
    * Fixed bug php#74796 (Requests through http proxy set peer name). (Jakub Zelenka)

    **PGSQL:**

    * Fixed [GHSA-hrwm-9436-5mv3](https://github.com/php/php-src/security/advisories/GHSA-hrwm-9436-5mv3)
    (pgsql extension does not check for errors during escaping). (**CVE-2025-1735**) (Jakub Zelenka)

    **PDO ODBC:**

    * Fix memory leak if WideCharToMultiByte() fails. (nielsdos)

    **PDO Sqlite:**

    * Fixed memory leak with Pdo_Sqlite::createCollation when the callback has an incorrect return type.
    (David Carlier)

    **Phar:**

    * Add missing filter cleanups on phar failure. (nielsdos)
    * Fixed bug [GH-18642](https://github.com/php/php-src/issues/18642) (Signed integer overflow in ext/phar
    fseek). (nielsdos)

    **PHPDBG:**

    * Fix 'phpdbg --help' segfault on shutdown with USE_ZEND_ALLOC=0. (nielsdos)

    **PGSQL:**

    * Fix warning not being emitted when failure to cancel a query with pg_cancel_query(). (Girgias)

    **Random:**

    * Fix reference type confusion and leak in user random engine. (nielsdos, timwolla)

    **Readline:**

    * Fix memory leak when calloc() fails in php_readline_completion_cb(). (nielsdos)

    **SimpleXML:**

    * Fixed bug [GH-18597](https://github.com/php/php-src/issues/18597) (Heap-buffer-overflow in zend_alloc.c
    when assigning string with UTF-8 bytes). (nielsdos)

    **SOAP:**

    * Fix memory leaks in php_http.c when call_user_function() fails. (nielsdos)
    * Fixed [GHSA-453j-q27h-5p8x](https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x)
    (NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix). (**CVE-2025-6491**)
    (Lekssays, nielsdos)

    **Standard:**

    * Fixed [GHSA-3cr5-j632-f35r](https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r)
    (Null byte termination in hostnames). (**CVE-2025-1220**) (Jakub Zelenka)

    **Tidy:**

    * Fix memory leak in tidy output handler on error. (nielsdos)
    * Fix tidyOptIsReadonly deprecation, using tidyOptGetCategory. (David Carlier)


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2025-2c344545bf");
  script_set_attribute(attribute:"solution", value:
"Update the affected php package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-6491");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/07/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/07/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/07/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:42");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'Fedora' >!< os_product) audit(AUDIT_OS_NOT, 'Fedora');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
if (! preg(pattern:"^42([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'Fedora 42', 'Fedora ' + os_version);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var constraints = [
  {
    'release': '42',
    'pkgs': [
      {'reference':'php-8.4.10-1.fc42', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'php');
}

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Jan 2026 00:00Current
6.9Medium risk
Vulners AI Score6.9
CVSS 3.15.9 - 7.5
EPSS0.00953
SSVC
4