CVE-2025-1736

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-1736

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1736.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-1736

Aliases

Downstream

BELL-CVE-2025-1736

DEBIAN-CVE-2025-1736

DLA-4088-1

DSA-5878-1

MINI-8gx8-xm5w-hc5p

MINI-fw74-3jqr-phjg

MINI-p223-vr2w-7jrm

MINI-pf6v-w65p-8cp9

OESA-2025-1302

OESA-2025-1303

OESA-2025-1304

OESA-2025-1305

OESA-2025-1306

RHSA-2025:15687

RHSA-2025:4263

RHSA-2025:7418

RHSA-2025:7431

RHSA-2025:7432

RHSA-2025:7489

RLSA-2025:4263

RLSA-2025:7418

RLSA-2025:7432

SUSE-SU-2025:0994-1

SUSE-SU-2025:1012-1

SUSE-SU-2025:1025-1

SUSE-SU-2025:1026-1

UBUNTU-CVE-2025-1736

USN-7400-1

USN-7645-1

openSUSE-SU-2025:14895-1

Related

Published

2025-03-30T06:15:14Z

Modified

2025-08-11T14:44:54.980439Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

381ba9f5d0edd0c9c8ec1dea7e21d513ad08b115

Fixed

aa4bed90d8927de8c2648ea5f3f4a32c56301b71