from 0, < 8.1.29, >= 8.2.0, < 8.2.20, >= 8.3.0, < 8.3.8
CRITICAL 9.8 CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault
>= 8.2.0, < 8.2.31, >= 8.3.0, < 8.3.31, >= 8.4.0, < 8.4.21, >= 8.5.0, < 8.5.6
CRITICAL 9.8 Use-After-Free in SOAP using Apache map
>= 8.2.0, < 8.2.31, >= 8.3.0, < 8.3.31, >= 8.4.0, < 8.4.21, >= 8.5.0, < 8.5.6
CRITICAL 9.8 SQL injection in pdo_firebird via NUL bytes in quoted strings
>= 8.2.0, < 8.2.31, >= 8.3.0, < 8.3.31, >= 8.4.0, < 8.4.21, >= 8.5.0, < 8.5.6
CRITICAL 9.8 Heap buffer overflow in finfo_buffer
>= 8.1.0, < 8.1.8
CRITICAL 9.8 Stream HTTP wrapper truncates redirect location to 1024 bytes
from 0, < 8.1.32, >= 8.2.0, < 8.2.28, >= 8.3.0, < 8.3.19, >= 8.4.0, < 8.4.5
CRITICAL 9.8 Integer overflow in the firebird and dblib quoters causing OOB writes
from 0, < 8.1.31, >= 8.2.0, < 8.2.26, >= 8.3.0, < 8.3.14
CRITICAL 9.8 OOB access in ldap_escape
from 0, < 8.1.31, >= 8.2.0, < 8.2.26, >= 8.3.0, < 8.3.14
CRITICAL 9.8 Buffer overflow and overread in phar_dir_read()
>= 8.0.0, < 8.0.30, >= 8.1.0, < 8.1.22, >= 8.2.0, < 8.2.9
CRITICAL 9.8 pypy3 - security update
>= 7.2.0, < 7.4.33, >= 8.0.0, < 8.0.25, >= 8.1.0, < 8.1.12
CRITICAL 9.8 UAF due to php_filter_float() failing
>= 7.4.0, < 7.4.28, >= 8.0.0, < 8.0.16, >= 8.1.0, < 8.1.3
CRITICAL 9.4 Command injection via array-ish $command parameter of proc_open()
from 0, < 8.1.28, >= 8.2.0, < 8.2.18, >= 8.3.0, < 8.3.5
CRITICAL 9.1 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
>= 8.4.0, < 8.4.21, >= 8.5.0, < 8.5.6
CRITICAL 9.1 heap-buffer-overflow in phar_extract_file
>= 7.2.0, < 7.2.28, >= 7.3.0, < 7.3.15, >= 7.4.0, < 7.4.3
CRITICAL 9.1 PDO::quote() may return unquoted string
>= 8.0.0, < 8.0.27, >= 8.1.0, < 8.1.15, >= 8.2.0, < 8.2.2
CRITICAL 9.1 global buffer-overflow in mbfl_filt_conv_big5_wchar
>= 7.2.0, < 7.2.27, >= 7.3.0, < 7.3.14, >= 7.4.0, < 7.4.2
CRITICAL 9.1 OOB read in php_strip_tags_ex
>= 7.2.0, < 7.2.27, >= 7.3.0, < 7.3.14, >= 7.4.0, < 7.4.2
HIGH 8.8 Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix)
from 0, < 8.1.29, >= 8.2.0, < 8.2.20, >= 8.3.0, < 8.3.8
HIGH 8.8 PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)
from 0, < 8.1.30, >= 8.2.0, < 8.2.24, >= 8.3.0, < 8.3.12
HIGH 8.8 mysqlnd/pdo password buffer overflow
>= 7.4.0, < 7.4.30, >= 8.0.0, < 8.0.20, >= 8.1.0, < 8.1.7
HIGH 8.8 mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full
>= 7.3.0, < 7.3.16, >= 7.4.0, < 7.4.4
HIGH 8.2 Heap buffer overflow in array_merge()
from 0, < 8.1.34, >= 8.2.0, < 8.2.30, >= 8.3.0, < 8.3.29, >= 8.4.0, < 8.4.16, >= 8.5.0, < 8.5.1
HIGH 8.2 Single byte overread with convert.quoted-printable-decode filter
from 0, < 8.1.31, >= 8.2.0, < 8.2.26, >= 8.3.0, < 8.3.14
HIGH 8.1 Reference counting in php_request_shutdown causes Use-After-Free
>= 8.3.0, < 8.3.19, >= 8.4.0, < 8.4.5
HIGH 8.1 Array overrun in common path resolve code
>= 8.0.0, < 8.0.28, >= 8.1.0, < 8.1.16, >= 8.2.0, < 8.2.3
HIGH 8.1 Freeing unallocated memory in php_pgsql_free_params()
>= 7.4.0, < 7.4.30, >= 8.0.0, < 8.0.20, >= 8.1.0, < 8.1.7
HIGH 7.5 DoS attack via DOMNode::C14N()
>= 8.4.0, < 8.4.21, >= 8.5.0, < 8.5.6
HIGH 7.5 Signed integer overflow in metaphone()
>= 8.2.0, < 8.2.31, >= 8.3.0, < 8.3.31, >= 8.4.0, < 8.4.21, >= 8.5.0, < 8.5.6
HIGH 7.5 NULL pointer dereference in SOAP apache:Map decoder with missing <value>
>= 8.2.0, < 8.2.31, >= 8.3.0, < 8.3.31, >= 8.4.0, < 8.4.21, >= 8.5.0, < 8.5.6
HIGH 7.5 Out-of-bounds read in urldecode() on NetBSD
>= 8.2.0, < 8.2.31, >= 8.3.0, < 8.3.31, >= 8.4.0, < 8.4.21, >= 8.5.0, < 8.5.6
HIGH 7.5 NULL Pointer Dereference in PDO quoting
from 0, < 8.1.34, >= 8.2.0, < 8.2.30, >= 8.3.0, < 8.3.29, >= 8.4.0, < 8.4.16, >= 8.5.0, < 8.5.1
HIGH 7.5 Information Leak of Memory in getimagesize
from 0, < 8.1.34, >= 8.2.0, < 8.2.30, >= 8.3.0, < 8.3.29, >= 8.4.0, < 8.4.16, >= 8.5.0, < 8.5.1
HIGH 7.5 PHP mb_encode_mimeheader runs endlessly for some inputs
>= 8.3.0, < 8.3.5
HIGH 7.5 pgsql extension does not check for errors during escaping
from 0, < 8.1.33, >= 8.2.0, < 8.2.29, >= 8.3.0, < 8.3.23, >= 8.4.0, < 8.4.10
HIGH 7.5 cgi.force_redirect configuration is bypassable due to the environment variable collision
from 0, < 8.1.30, >= 8.2.0, < 8.2.24, >= 8.3.0, < 8.3.12
HIGH 7.5 Security issue with external entity loading in XML without enabling it
>= 8.0.0, < 8.0.30, >= 8.1.0, < 8.1.22, >= 8.2.0, < 8.2.9
HIGH 7.5 DoS vulnerability when parsing multipart request body
>= 8.0.0, < 8.0.28, >= 8.1.0, < 8.1.16, >= 8.2.0, < 8.2.3
HIGH 7.5 Null Dereference in SoapClient
>= 7.3.0, < 7.3.27, >= 7.4.0, < 7.4.15, >= 8.0.0, < 8.0.2
HIGH 7.5 OOB Read in urldecode()
>= 7.2.0, < 7.2.30, >= 7.3.0, < 7.3.17, >= 7.4.0, < 7.4.5
HIGH 7.5 Null Pointer Dereference in PHP Session Upload Progress
>= 7.2.0, < 7.2.28, >= 7.3.0, < 7.3.15, >= 7.4.0, < 7.4.3
HIGH 7.3 Stream HTTP wrapper header check might omit basic auth header
from 0, < 8.1.32, >= 8.2.0, < 8.2.28, >= 8.3.0, < 8.3.19, >= 8.4.0, < 8.4.5
HIGH 7.2 Configuring a proxy in a stream context might allow for CRLF injection in URIs
from 0, < 8.1.31, >= 8.2.0, < 8.2.26, >= 8.3.0, < 8.3.14
HIGH 7.1 OOB read due to insufficient input validation in imageloadfont()
>= 7.4.0, < 7.4.33, >= 8.0.0, < 8.0.25, >= 8.1.0, < 8.1.12
HIGH 7.0 PHP-FPM memory access in root process leading to privilege escalation
>= 7.3.0, < 7.3.32, >= 7.4.0, < 7.4.25, >= 8.0.0, < 8.0.12
MEDIUM 6.5 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
>= 8.2.0, < 8.2.31, >= 8.3.0, < 8.3.31, >= 8.4.0, < 8.4.21, >= 8.5.0, < 8.5.6
MEDIUM 6.5 ZipArchive::extractTo may extract outside of destination dir
>= 7.3.0, < 7.3.31, >= 7.4.0, < 7.4.24, >= 8.0.0, < 8.0.11
MEDIUM 6.5 PHP function password_verify can erroneously return true when argument contains NUL
from 0, < 8.1.28, >= 8.2.0, < 8.2.18, >= 8.3.0, < 8.3.5
MEDIUM 6.5 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
from 0, < 8.1.28, >= 8.2.0, < 8.2.18, >= 8.3.0, < 8.3.5
MEDIUM 6.5 $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities
from 0, < 7.4.31, >= 8.0.0, < 8.0.24, >= 8.1.0, < 8.1.11
MEDIUM 6.5 Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV
>= 7.2.0, < 7.2.34, >= 7.3.0, < 7.3.23, >= 7.4.0, < 7.4.11
MEDIUM 6.2 password_verify() always returns true for some invalid hashes
>= 8.0.0, < 8.0.28, >= 8.1.0, < 8.1.16, >= 8.2.0, < 8.2.3
MEDIUM 6.1 XSS within PHP-FPM status endpoint
>= 8.2.0, < 8.2.31, >= 8.3.0, < 8.3.31, >= 8.4.0, < 8.4.21, >= 8.5.0, < 8.5.6
MEDIUM 5.9 NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
from 0, < 8.1.33, >= 8.2.0, < 8.2.29, >= 8.3.0, < 8.3.23, >= 8.4.0, < 8.4.10
MEDIUM 5.9 PHP is vulnerable to the Marvin Attack
from 0, < 8.1.29, >= 8.2.0, < 8.2.20, >= 8.3.0, < 8.3.8
MEDIUM 5.9 Multiple vulnerabilities in Firebird client extension
>= 7.3.0, < 7.3.29, >= 7.4.0, < 7.4.21, >= 8.0.0, < 8.0.8
MEDIUM 5.8 Leak partial content of the heap through heap buffer over-read in mysqlnd
from 0, < 8.1.31, >= 8.2.0, < 8.2.24, >= 8.3.0, < 8.3.14
MEDIUM 5.5 Potential buffer overflow in php_cli_server_startup_workers
>= 7.4.0, < 8.0.22
MEDIUM 5.5 phar wrapper can occur dos when using quine gzip file
from 0, < 7.4.31, >= 8.0.0, < 8.0.24, >= 8.1.0, < 8.1.11
MEDIUM 5.4 Use-of-uninitialized-value in exif
>= 7.2.0, < 7.2.29, >= 7.3.0, < 7.3.16, >= 7.4.0, < 7.4.4
MEDIUM 5.3 Null byte termination in hostnames
from 0, < 8.1.33, >= 8.2.0, < 8.2.29, >= 8.3.0, < 8.3.23, >= 8.4.0, < 8.4.10
MEDIUM 5.3 Streams HTTP wrapper does not fail for headers with invalid name and no colon
from 0, < 8.1.32, >= 8.2.0, < 8.2.28, >= 8.3.0, < 8.3.19, >= 8.4.0, < 8.4.5
MEDIUM 5.3 libxml streams use wrong content-type header when requesting a redirected resource
from 0, < 8.1.32, >= 8.2.0, < 8.2.28, >= 8.3.0, < 8.3.19, >= 8.4.0, < 8.4.5
MEDIUM 5.3 Erroneous parsing of multipart form data
from 0, < 8.1.30, >= 8.2.0, < 8.2.24, >= 8.3.0, < 8.3.12
MEDIUM 5.3 Filter bypass in filter_var (FILTER_VALIDATE_URL)
from 0, < 8.1.29, >= 8.2.0, < 8.2.20, >= 8.3.0, < 8.3.8
MEDIUM 5.3 Special characters break path parsing in XML functions
>= 7.3.0, < 7.3.33, >= 7.4.0, < 7.4.26, >= 8.0.0, < 8.0.13
MEDIUM 5.3 Incorrect URL validation in FILTER_VALIDATE_URL
>= 7.3.0, < 7.3.29, >= 7.4.0, < 7.4.21, >= 8.0.0, < 8.0.8
MEDIUM 5.3 FILTER_VALIDATE_URL accepts URLs with invalid userinfo
>= 7.3.0, < 7.3.26, >= 7.4.0, < 7.4.14, >= 8.0.0, < 8.0.1
MEDIUM 5.3 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent
>= 7.2.0, < 7.2.34, >= 7.3.0, < 7.3.23, >= 7.4.0, < 7.4.11
MEDIUM 5.3 Files added to tar with Phar::buildFromIterator have all-access permissions
>= 7.2.0, < 7.2.28, >= 7.3.0, < 7.3.15, >= 7.4.0, < 7.4.3
MEDIUM 4.3 Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
>= 8.0.0, < 8.0.29, >= 8.1.0, < 8.1.20, >= 8.2.0, < 8.2.7
MEDIUM 4.3 get_headers() silently truncates after a null byte
>= 7.2.0, < 7.2.29, >= 7.3.0, < 7.3.16, >= 7.4.0, < 7.4.4
LOW 3.6 Use of freed hash key in the phar_parse_zipfile function
>= 7.2.0, < 7.2.33, >= 7.3.0, < 7.3.21, >= 7.4.0, < 7.4.9
LOW 3.3 PHP-FPM logs from children may be altered
from 0, < 8.1.30, >= 8.2.0, < 8.2.24, >= 8.3.0, < 8.3.12
LOW 3.1 Header parser of http stream wrapper does not handle folded headers
from 0, < 8.1.32, >= 8.2.0, < 8.2.28, >= 8.3.0, < 8.3.19, >= 8.4.0, < 8.4.5