AZL-73234

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73234.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-73234

Upstream

CVE-2025-14180

Published

2025-12-27T20:15:40Z

Modified

2026-04-01T05:22:16.551941Z

Summary

CVE-2025-14180 affecting package php for versions less than 8.1.34-1

Details

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdoparseparams() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-14180

Affected packages

Azure Linux:2 / php

Package

Name: php
Purl: pkg:rpm/azure-linux/php

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.1.34-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73234.json"