CVE-2025-14178
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PHP Group | PHP | 8.1.* < 8.1.34 | affected |
| PHP Group | PHP | 8.2.* < 8.2.30 | affected |
| PHP Group | PHP | 8.3.* < 8.3.29 | affected |
| PHP Group | PHP | 8.4.* < 8.4.16 | affected |
| PHP Group | PHP | 8.5.* < 8.5.1 | affected |
Weaknesses
- CWE-787: CWE-787 Out-of-bounds Write
- CWE-190: CWE-190 Integer Overflow or Wraparound
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.