Lucene search
K

Fedora 41 : php (2025-da047483d8)

šŸ—“ļøĀ 13 Jul 2025Ā 00:00:00Reported byĀ TenableTypeĀ 
nessus
Ā nessus
šŸ”—Ā www.tenable.comšŸ‘Ā 6Ā Views

Fedora 41 has PHP 8.3.23 with multiple vulnerability fixes per advisory FEDORA-2025-da047483d8

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2025-da047483d8
#

include('compat.inc');

if (description)
{
  script_id(242036);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");

  script_cve_id("CVE-2025-1220", "CVE-2025-1735", "CVE-2025-6491");
  script_xref(name:"FEDORA", value:"2025-da047483d8");
  script_xref(name:"IAVA", value:"2025-A-0497-S");

  script_name(english:"Fedora 41 : php (2025-da047483d8)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2025-da047483d8 advisory.

    **PHP version 8.3.23** (03 Jul 2025)

    **Core:**

    * Fixed [GH-18695](https://github.com/php/php-src/issues/18695) (zend_ast_export() - float number is not
    preserved). (Oleg Efimov)
    * Do not delete main chunk in zend_gc. (danog, Arnaud)
    * Fix compile issues with zend_alloc and some non-default options. (nielsdos)

    **Curl:**

    * Fix memory leak when setting a list via curl_setopt fails. (nielsdos)
    * Fix incorrect OpenSSL version detection. (Peter Kokot)

    **Date:**

    * Fix leaks with multiple calls to DatePeriod iterator current(). (nielsdos)

    **FPM:**

    * Fixed [GH-18662](https://github.com/php/php-src/issues/18662) (fpm_get_status segfault). (txuna)

    **Hash:**

    * Fixed bug [GH-14551](https://github.com/php/php-src/issues/14551) (PGO build fails with xxhash).
    (nielsdos)

    **Intl:**

    * Fix memory leak in intl_datetime_decompose() on failure. (nielsdos)
    * Fix memory leak in locale lookup on failure. (nielsdos)

    **ODBC:**

    * Fix memory leak on php_odbc_fetch_hash() failure. (nielsdos)

    **Opcache:**

    * Fixed bug [GH-18743](https://github.com/php/php-src/issues/18743) (Incompatibility in Inline TLS
    Assembly on Alpine 3.22). (nielsdos, Arnaud)

    **OpenSSL:**

    * Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure. (nielsdos)
    * Fixed bug php#74796 (Requests through http proxy set peer name). (Jakub Zelenka)

    **PGSQL:**

    * Fixed [GHSA-hrwm-9436-5mv3](https://github.com/php/php-src/security/advisories/GHSA-hrwm-9436-5mv3)
    (pgsql extension does not check for errors during escaping). (**CVE-2025-1735**) (Jakub Zelenka)

    **Phar:**

    * Add missing filter cleanups on phar failure. (nielsdos)
    * Fixed bug [GH-18642](https://github.com/php/php-src/issues/18642) (Signed integer overflow in ext/phar
    fseek). (nielsdos)

    **PHPDBG:**

    * Fix 'phpdbg --help' segfault on shutdown with USE_ZEND_ALLOC=0. (nielsdos)

    **PDO ODBC:**

    * Fix memory leak if WideCharToMultiByte() fails. (nielsdos)

    **PGSQL:**

    * Fix warning not being emitted when failure to cancel a query with pg_cancel_query(). (Girgias)

    **Random:**

    * Fix reference type confusion and leak in user random engine. (nielsdos, timwolla)

    **Readline:**

    * Fix memory leak when calloc() fails in php_readline_completion_cb(). (nielsdos)

    **SOAP:**

    * Fix memory leaks in php_http.c when call_user_function() fails. (nielsdos)
    * Fixed [GHSA-453j-q27h-5p8x](https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x)
    (NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix). (**CVE-2025-6491**)
    (Lekssays, nielsdos)

    **Standard:**

    * Fixed [GHSA-3cr5-j632-f35r](https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r)
    (Null byte termination in hostnames). (**CVE-2025-1220**) (Jakub Zelenka)

    **Tidy:**

    * Fix memory leak in tidy output handler on error. (nielsdos)
    * Fix tidyOptIsReadonly deprecation, using tidyOptGetCategory. (David Carlier)


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2025-da047483d8");
  script_set_attribute(attribute:"solution", value:
"Update the affected php package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-6491");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/07/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/07/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/07/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:41");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'Fedora' >!< os_product) audit(AUDIT_OS_NOT, 'Fedora');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
if (! preg(pattern:"^41([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'Fedora 41', 'Fedora ' + os_version);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var constraints = [
  {
    'release': '41',
    'pkgs': [
      {'reference':'php-8.3.23-1.fc41', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'php');
}

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Jan 2026 00:00Current
6.9Medium risk
Vulners AI Score6.9
CVSS 3.15.9 - 7.5
EPSS0.00953
SSVC
6