Description
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can lead to accessing array with negative offset, which can trigger a denial of service.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 12 | | =8.2.10-1 || =8.2.10-2 || =8.2.12-1 || =8.2.16-1 || =8.2.16-2 || =8.2.17-1 || =8.2.18-1 || =8.2.18-1~deb12u1 || =8.2.20-1~deb12u1 || =8.2.20-2 || =8.2.20-3 || =8.2.21-1 || =8.2.23-1 || =8.2.24-1 || =8.2.24-1~deb12u1 || =8.2.26-1~deb12u1 || =8.2.26-4 || =8.2.27-1 || =8.2.28-1~deb12u1 || =8.2.29-1~deb12u1 || =8.2.30-1~deb12u1 || =8.2.5-2 || =8.2.7-1 || =8.2.7-1.1 || =8.2.7-1.2 || =8.2.7-1~deb12u1 || >=0 <8.2.31-1~deb12u1 | 8.2.31-1~deb12u1 |
debian 13 | | =8.4.11-1 || =8.4.16-1 || =8.4.16-1~deb13u1 || =8.4.20-1 || >=0 <8.4.21-1~deb13u1 | 8.4.21-1~deb13u1 |
debian 11 | | =7.4.21-1+deb11u1 || =7.4.25-1+deb11u1 || =7.4.26-1 || =7.4.28-1+deb11u1 || =7.4.30-1+deb11u1 || =7.4.33-1+deb11u1 || =7.4.33-1+deb11u10 || =7.4.33-1+deb11u3 || =7.4.33-1+deb11u4 || =7.4.33-1+deb11u5 || =7.4.33-1+deb11u6 || =7.4.33-1+deb11u7 || =7.4.33-1+deb11u8 || =7.4.33-1+deb11u9 || >=0 <7.4.33-1+deb11u11 | 7.4.33-1+deb11u11 |
debian 14 | | =8.4.11-1 || =8.4.16-1 || =8.4.16-1~deb13u1 || =8.4.20-1 || =8.4.21-1~deb13u1 || >=0 <8.4.21-1 | 8.4.21-1 |
 rpm rhel10 | | | 0:8.3.31-1.el10_2 |
rpm rhel6 | | - | - |
rpm rhel7 | | - | - |
rpm rhel9 | | - | - |
rpm rhel10 | | | 0:8.4.21-1.el10_2 |
rpm rhel8 | | - | - |
