5 matches found
CLSA-2026-1768411712 php: Fix of 2 CVEs
CVE-2025-1220: fix null byte termination in hostnames - CVE-2025-6491: fix NULL pointer dereference in PHP SOAP extension via large XML namespace prefix...
CBL Mariner 2.0 Security Update: php (CVE-2025-6491)
The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-6491 advisory. - In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 when parsing XML...
BIT-PHP-2025-6491 NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 when parsing XML data in SOAP extensions, overly large 2Gb XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server...
CVE-2025-6491
In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 when parsing XML data in SOAP extensions, overly large 2Gb XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server...
CVE-2025-6491
CVE-2025-6491 causes a NULL pointer dereference in the PHP SOAP extension when parsing XML data with very large ( >2 GB) XML namespace prefixes, leading to server crashes and potential availability impact. It affects PHP versions across 8.1–8.4 series before patched releases; patched versions ...