Astra Linux - уязвимость в php8.1, php7.3

In PHP versions starting from 8.1. up to 8.1.32, and from 8.2. up to 8.2.28, as well as in versions starting from 8.3. up to 8.3.19, and from 8.4. up to 8.4.5, when the HTTP request module parses HTTP responses received from servers, folded headers are parsed incorrectly. This may lead to...

Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values

Summary Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename or name instead of removing the folded line break during unfolding. As a result,...

CVE-2026-26962 Rack: Header injection in multipart requests

Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...

Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values

Summary Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename or name instead of removing the folded line break during unfolding. As a result,...

CLSA-2026-1771499011 python3: Fix of 3 CVEs

CVE-2025-15366: reject control characters in IMAP commands - CVE-2025-15367: reject control characters in POP3 commands - CVE-2026-1299: reject the incorrectly folded headers in "BytesGenerator"...

CLSA-2026-1771494614 python3: Fix of 3 CVEs

CVE-2025-15366: reject control characters in IMAP commands - CVE-2025-15367: reject control characters in POP3 commands - CVE-2026-1299: reject the incorrectly folded headers in "BytesGenerator"...

php: Header parser of http stream wrapper does not handle folded headers

A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module...

Moderate: Red Hat Security Advisory: php:7.4 security update

An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

ALSA-2026:2470 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

MiracleLinux 9 : php:8.3 (AXSA:2025-10557:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10557:01 advisory. php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth...

PT-2026-4500

Name of the Vulnerable Software and Affected Versions Python email module affected versions not specified Description The BytesGenerator class within the email module did not correctly quote newlines for email headers during email message serialization. This flaw allows for header injection when ...

Unity Linux 20.1070e Security Update: php (UTSA-2025-984693)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984693 advisory. In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when http request module parses HTTP response obtained from...

RockyLinux 9 : php (RLSA-2025:7431)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:7431 advisory. php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth header...

EUVD-2025-15127

Malicious code in bioql PyPI...

AlmaLinux 8 : php:8.2 (ALSA-2025:15687)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:15687 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-deco...

php: Header parser of http stream wrapper does not handle folded headers

A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module...

ALSA-2025:15687 Moderate: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

php: Fix of 3 CVEs

CVE-2025-1217: http stream wrapper: fix handling folded headers - CVE-2025-1734: http stream wrapper: fix handling headers with invalid name and no colon - CVE-2025-1861: fix http redirect location truncation...

CLSA-2025-1756483693 php: Fix of 3 CVEs

CVE-2025-1217: http stream wrapper: fix handling folded headers - CVE-2025-1734: http stream wrapper: fix handling headers with invalid name and no colon - CVE-2025-1861: fix http redirect location truncation...

BIT-LIBPHP-2025-1217 Header parser of http stream wrapper does not handle folded headers

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME...