RHSA-2026:7614

Vulnerability from csaf_redhat - Published: 2026-04-10 23:52 - Updated: 2026-04-19 19:37
Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:

php:
  * php-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-bcmath-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-cli-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-common-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-dba-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-dbg-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-devel-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-embedded-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-enchant-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-ffi-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-fpm-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-gd-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-gmp-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-intl-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-ldap-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-mbstring-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-mysqlnd-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-odbc-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-pdo-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-pdo-dblib-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-pdo-firebird-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-pgsql-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-process-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-snmp-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-soap-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-sodium-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-tidy-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-xml-8.5.5-1.1.hum1 (aarch64, x86_64)
  * php-8.5.5-1.1.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

A flaw was found in PHP. The getimagesize() function may leak uninitialized heap memory when processing images in multi-chunk mode, such as through php://filter. This vulnerability, caused by a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, allows an attacker to potentially disclose sensitive information from the server's memory. This could compromise the confidentiality of data on the affected server.

CWE-125 - Out-of-bounds Read
Vendor Fix: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ and https://access.redhat.com/errata/RHSA-2026:7614
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

A flaw was found in PHP. A heap-based buffer overflow occurs in the array_merge() function when the total element count of the packed input arrays exceeds the 32-bit limit or the internal HT_MAX_SIZE: the precomputation of the element count using zend_hash_num_elements() overflows, causing a process crash and potentially memory corruption.

CWE-787 - Out-of-bounds Write
Vendor Fix: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ and https://access.redhat.com/errata/RHSA-2026:7614
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

A flaw was found in PHP. When the PDO (PHP Data Objects) PostgreSQL driver is configured with `PDO::ATTR_EMULATE_PREPARES` enabled, a remote attacker can exploit a vulnerability by providing an invalid character sequence within a prepared statement parameter. This can cause a null pointer dereference, leading to a server crash. The primary impact is a Denial of Service (DoS), affecting the availability of the target server.

CWE-476 - NULL Pointer Dereference
Vendor Fix: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ and https://access.redhat.com/errata/RHSA-2026:7614
Workaround: No mitigation is currently available that meets Red Hat Product Security's standards for usability, deployment, applicability, or stability.

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Hardened Images RPMs is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update includes the following RPMs:\n\nphp:\n  * php-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-bcmath-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-cli-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-common-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-dba-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-dbg-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-devel-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-embedded-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-enchant-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-ffi-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-fpm-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-gd-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-gmp-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-intl-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-ldap-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-mbstring-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-mysqlnd-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-odbc-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-pdo-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-pdo-dblib-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-pdo-firebird-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-pgsql-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-process-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-snmp-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-soap-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-sodium-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-tidy-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-xml-8.5.5-1.1.hum1 (aarch64, x86_64)\n  * php-8.5.5-1.1.hum1.src (src)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:7614",
        "url": "https://access.redhat.com/errata/RHSA-2026:7614"
      },
      {
        "category": "external",
        "summary": "https://images.redhat.com/",
        "url": "https://images.redhat.com/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-14180",
        "url": "https://access.redhat.com/security/cve/CVE-2025-14180"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-14177",
        "url": "https://access.redhat.com/security/cve/CVE-2025-14177"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-14178",
        "url": "https://access.redhat.com/security/cve/CVE-2025-14178"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7614.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-04-19T19:37:50+00:00",
      "generator": {
        "date": "2026-04-19T19:37:50+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.5"
        }
      },
      "id": "RHSA-2026:7614",
      "initial_release_date": "2026-04-10T23:52:05+00:00",
      "revision_history": [
        {
          "date": "2026-04-10T23:52:05+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-18T20:00:50+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-19T19:37:50+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Hardened Images",
                "product": {
                  "name": "Red Hat Hardened Images",
                  "product_id": "Red Hat Hardened Images",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:hummingbird:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Hardened Images"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "php-main@aarch64",
                "product": {
                  "name": "php-main@aarch64",
                  "product_id": "php-main@aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php@8.5.5-1.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "php-main@src",
                "product": {
                  "name": "php-main@src",
                  "product_id": "php-main@src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php@8.5.5-1.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "php-main@x86_64",
                "product": {
                  "name": "php-main@x86_64",
                  "product_id": "php-main@x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php@8.5.5-1.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-main@aarch64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:php-main@aarch64"
        },
        "product_reference": "php-main@aarch64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-main@src as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:php-main@src"
        },
        "product_reference": "php-main@src",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-main@x86_64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:php-main@x86_64"
        },
        "product_reference": "php-main@x86_64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14177",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2025-12-27T20:00:48.661724+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2425626"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in PHP. The getimagesize() function may leak uninitialized heap memory when processing images in multi-chunk mode, such as through php://filter. This vulnerability, caused by a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, allows an attacker to potentially disclose sensitive information from the server\u0027s memory. This could compromise the confidentiality of data on the affected server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "php: PHP: Information disclosure via getimagesize() function when reading multi-chunk images",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Low for Red Hat. The flaw in PHP\u0027s `getimagesize()` function can lead to information disclosure by leaking uninitialized heap memory when processing multi-chunk images, potentially via `php://filter`. This affects the confidentiality of data on systems running affected PHP versions in Red Hat Enterprise Linux 8 (php:8.2/php), Red Hat Enterprise Linux 9 (php, php:8.2/php, php:8.3/php), and Red Hat Enterprise Linux 10 (php, php8.4). The PHP 7 streams for Red Hat Enterprise Linux 7 and 8 are not affected by this vulnerability as the way it reads and stores image metadata is implemented differently than how it\u0027s on affected PHP 8 versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:php-main@aarch64",
          "Red Hat Hardened Images:php-main@src",
          "Red Hat Hardened Images:php-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-14177"
        },
        {
          "category": "external",
          "summary": "RHBZ#2425626",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425626"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-14177",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14177"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14177",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14177"
        },
        {
          "category": "external",
          "summary": "https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7",
          "url": "https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7"
        }
      ],
      "release_date": "2025-12-27T19:33:23.973000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-10T23:52:05+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:php-main@aarch64",
            "Red Hat Hardened Images:php-main@src",
            "Red Hat Hardened Images:php-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:7614"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Hardened Images:php-main@aarch64",
            "Red Hat Hardened Images:php-main@src",
            "Red Hat Hardened Images:php-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:php-main@aarch64",
            "Red Hat Hardened Images:php-main@src",
            "Red Hat Hardened Images:php-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "php: PHP: Information disclosure via getimagesize() function when reading multi-chunk images"
    },
    {
      "cve": "CVE-2025-14178",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2025-12-27T20:00:44.041960+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2425625"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in PHP. A heap-based buffer overflow occurs in the array_merge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HT_MAX_SIZE due to an integer overflow in the precomputation of element counts using the zend_hash_num_elements function, causing a process crash and potentially memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "php: heap-based buffer overflow in array_merge()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker must be able to pass arrays to array_merge() containing a very large number of elements, specifically the total element count must exceed the 32-bit integer limit or the internal HT_MAX_SIZE constant. Creating such a massive array often triggers the memory limit of PHP and the system, causing an out-of-memory condition before the buffer overflow can be triggered, increasing the complexity of exploitation.\n\nAlso, default Red Hat Enterprise Linux security features, including SELinux enforcement, Address Space Layout Randomization (ASLR) and memory protections significantly increase the difficulty of achieving arbitrary code execution, limiting the impact of this vulnerability.\n\nDue to these reasons, this flaw has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:php-main@aarch64",
          "Red Hat Hardened Images:php-main@src",
          "Red Hat Hardened Images:php-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-14178"
        },
        {
          "category": "external",
          "summary": "RHBZ#2425625",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425625"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-14178",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14178"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14178",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14178"
        },
        {
          "category": "external",
          "summary": "https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2",
          "url": "https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2"
        }
      ],
      "release_date": "2025-12-27T19:27:41.691000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-10T23:52:05+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:php-main@aarch64",
            "Red Hat Hardened Images:php-main@src",
            "Red Hat Hardened Images:php-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:7614"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Hardened Images:php-main@aarch64",
            "Red Hat Hardened Images:php-main@src",
            "Red Hat Hardened Images:php-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:php-main@aarch64",
            "Red Hat Hardened Images:php-main@src",
            "Red Hat Hardened Images:php-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "php: heap-based buffer overflow in array_merge()"
    },
    {
      "cve": "CVE-2025-14180",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2025-12-27T20:00:52.735842+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2425627"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in PHP. When the PDO (PHP Data Objects) PostgreSQL driver is configured with `PDO::ATTR_EMULATE_PREPARES` enabled, a remote attacker can exploit a vulnerability by providing an invalid character sequence within a prepared statement parameter. This can cause a null pointer dereference, leading to a server crash. The primary impact is a Denial of Service (DoS), affecting the availability of the target server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "php: PHP: Denial of Service via invalid character sequence in PDO PostgreSQL prepared statement",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat because it can lead to a Denial of Service in PHP applications utilizing the PDO PostgreSQL driver. Exploitation requires the `PDO::ATTR_EMULATE_PREPARES` option to be explicitly enabled, allowing a remote attacker to crash the server by providing a specially crafted invalid character sequence in a prepared statement parameter.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:php-main@aarch64",
          "Red Hat Hardened Images:php-main@src",
          "Red Hat Hardened Images:php-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-14180"
        },
        {
          "category": "external",
          "summary": "RHBZ#2425627",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425627"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-14180",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14180"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14180",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14180"
        },
        {
          "category": "external",
          "summary": "https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj",
          "url": "https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj"
        }
      ],
      "release_date": "2025-12-27T19:21:20.768000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-10T23:52:05+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:php-main@aarch64",
            "Red Hat Hardened Images:php-main@src",
            "Red Hat Hardened Images:php-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:7614"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "Red Hat Hardened Images:php-main@aarch64",
            "Red Hat Hardened Images:php-main@src",
            "Red Hat Hardened Images:php-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:php-main@aarch64",
            "Red Hat Hardened Images:php-main@src",
            "Red Hat Hardened Images:php-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "php: PHP: Denial of Service via invalid character sequence in PDO PostgreSQL prepared statement"
    }
  ]
}
