{ "threat_severity" : "Important", "public_date" : "2025-12-27T19:21:20Z", "bugzilla" : { "description" : "php: PHP: Denial of Service via invalid character sequence in PDO PostgreSQL prepared statement", "id" : "2425627", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2425627" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-476", "details" : [ "In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \\x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.", "A flaw was found in PHP. When the PDO (PHP Data Objects) PostgreSQL driver is configured with `PDO::ATTR_EMULATE_PREPARES` enabled, a remote attacker can exploit a vulnerability by providing an invalid character sequence within a prepared statement parameter. This can cause a null pointer dereference, leading to a server crash. The primary impact is a Denial of Service (DoS), affecting the availability of the target server." ], "statement" : "This vulnerability is rated Important for Red Hat because it can lead to a Denial of Service in PHP applications utilizing the PDO PostgreSQL driver. Exploitation requires the `PDO::ATTR_EMULATE_PREPARES` option to be explicitly enabled, allowing a remote attacker to crash the server by providing a specially crafted invalid character sequence in a prepared statement parameter.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-02-02T00:00:00Z", "advisory" : "RHSA-2026:1628", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "php-0:8.3.29-1.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "release_date" : "2026-01-26T00:00:00Z", "advisory" : "RHSA-2026:1185", "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0", "package" : "php-0:8.3.19-1.el10_0.1" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-01-27T00:00:00Z", "advisory" : "RHSA-2026:1412", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "php:8.2-8100020260106091451.f7998665" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-01-27T00:00:00Z", "advisory" : "RHSA-2026:1409", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "php:8.2-9070020260107073439.9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-01-27T00:00:00Z", "advisory" : "RHSA-2026:1429", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "php:8.3-9070020260108073701.9" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-01-26T00:00:00Z", "advisory" : "RHSA-2026:1169", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "php:8.2-9040020260116191026.9" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-01-26T00:00:00Z", "advisory" : "RHSA-2026:1187", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "php:8.2-9060020260116185805.9" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-01-26T00:00:00Z", "advisory" : "RHSA-2026:1190", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "php:8.3-9060020260116180534.9" }, { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-04-10T00:00:00Z", "advisory" : "RHSA-2026:7614", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "php-main-8.5.5-1.1.hum1" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9:1769162595" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "php8.4", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "php:7.4/php", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces/code-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Will not fix", "package_name" : "devspaces-tech-preview/idea-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-14180\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-14180\nhttps://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj" ], "name" : "CVE-2025-14180", "mitigation" : { "value" : "No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.", "lang" : "en:us" }, "csaw" : false }