vulnerability
Amazon Linux 2023: CVE-2025-14178: Medium priority package update for php8.4 (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:N/C:N/I:P/A:C) | Dec 27, 2025 | Jan 12, 2026 | Jan 12, 2026 |
Severity
8
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:C)
Published
Dec 27, 2025
Added
Jan 12, 2026
Modified
Jan 12, 2026
Description
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.
A flaw was found in PHP. A heap-based buffer overflow occurs in the array_merge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HT_MAX_SIZE due to an integer overflow in the precomputation of element counts using the zend_hash_num_elements function, causing a process crash and potentially memory corruption.
A flaw was found in PHP. A heap-based buffer overflow occurs in the array_merge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HT_MAX_SIZE due to an integer overflow in the precomputation of element counts using the zend_hash_num_elements function, causing a process crash and potentially memory corruption.
Solutions
amazon-linux-2023-upgrade-php8-1amazon-linux-2023-upgrade-php8-1-bcmathamazon-linux-2023-upgrade-php8-1-bcmath-debuginfoamazon-linux-2023-upgrade-php8-1-cliamazon-linux-2023-upgrade-php8-1-cli-debuginfoamazon-linux-2023-upgrade-php8-1-commonamazon-linux-2023-upgrade-php8-1-common-debuginfoamazon-linux-2023-upgrade-php8-1-dbaamazon-linux-2023-upgrade-php8-1-dba-debuginfoamazon-linux-2023-upgrade-php8-1-dbgamazon-linux-2023-upgrade-php8-1-dbg-debuginfoamazon-linux-2023-upgrade-php8-1-debuginfoamazon-linux-2023-upgrade-php8-1-debugsourceamazon-linux-2023-upgrade-php8-1-develamazon-linux-2023-upgrade-php8-1-embeddedamazon-linux-2023-upgrade-php8-1-embedded-debuginfoamazon-linux-2023-upgrade-php8-1-enchantamazon-linux-2023-upgrade-php8-1-enchant-debuginfoamazon-linux-2023-upgrade-php8-1-ffiamazon-linux-2023-upgrade-php8-1-ffi-debuginfoamazon-linux-2023-upgrade-php8-1-fpmamazon-linux-2023-upgrade-php8-1-fpm-debuginfoamazon-linux-2023-upgrade-php8-1-gdamazon-linux-2023-upgrade-php8-1-gd-debuginfoamazon-linux-2023-upgrade-php8-1-gmpamazon-linux-2023-upgrade-php8-1-gmp-debuginfoamazon-linux-2023-upgrade-php8-1-intlamazon-linux-2023-upgrade-php8-1-intl-debuginfoamazon-linux-2023-upgrade-php8-1-ldapamazon-linux-2023-upgrade-php8-1-ldap-debuginfoamazon-linux-2023-upgrade-php8-1-mbstringamazon-linux-2023-upgrade-php8-1-mbstring-debuginfoamazon-linux-2023-upgrade-php8-1-mysqlndamazon-linux-2023-upgrade-php8-1-mysqlnd-debuginfoamazon-linux-2023-upgrade-php8-1-odbcamazon-linux-2023-upgrade-php8-1-odbc-debuginfoamazon-linux-2023-upgrade-php8-1-opcacheamazon-linux-2023-upgrade-php8-1-opcache-debuginfoamazon-linux-2023-upgrade-php8-1-pdoamazon-linux-2023-upgrade-php8-1-pdo-debuginfoamazon-linux-2023-upgrade-php8-1-pgsqlamazon-linux-2023-upgrade-php8-1-pgsql-debuginfoamazon-linux-2023-upgrade-php8-1-processamazon-linux-2023-upgrade-php8-1-process-debuginfoamazon-linux-2023-upgrade-php8-1-pspellamazon-linux-2023-upgrade-php8-1-pspell-debuginfoamazon-linux-2023-upgrade-php8-1-snmpamazon-linux-2023-upgrade-php8-1-snmp-debuginfoamazon-linux-2023-upgrade-php8-1-soapamazon-linux-2023-upgrade-php8-1-soap-debuginfoamazon-linux-2023-upgrade-php8-1-tidyamazon-linux-2023-upgrade-php8-1-tidy-debuginfoamazon-linux-2023-upgrade-php8-1-xmlamazon-linux-2023-upgrade-php8-1-xml-debuginfoamazon-linux-2023-upgrade-php8-1-zipamazon-linux-2023-upgrade-php8-1-zip-debuginfoamazon-linux-2023-upgrade-php8-2amazon-linux-2023-upgrade-php8-2-bcmathamazon-linux-2023-upgrade-php8-2-bcmath-debuginfoamazon-linux-2023-upgrade-php8-2-cliamazon-linux-2023-upgrade-php8-2-cli-debuginfoamazon-linux-2023-upgrade-php8-2-commonamazon-linux-2023-upgrade-php8-2-common-debuginfoamazon-linux-2023-upgrade-php8-2-dbaamazon-linux-2023-upgrade-php8-2-dba-debuginfoamazon-linux-2023-upgrade-php8-2-dbgamazon-linux-2023-upgrade-php8-2-dbg-debuginfoamazon-linux-2023-upgrade-php8-2-debuginfoamazon-linux-2023-upgrade-php8-2-debugsourceamazon-linux-2023-upgrade-php8-2-develamazon-linux-2023-upgrade-php8-2-embeddedamazon-linux-2023-upgrade-php8-2-embedded-debuginfoamazon-linux-2023-upgrade-php8-2-enchantamazon-linux-2023-upgrade-php8-2-enchant-debuginfoamazon-linux-2023-upgrade-php8-2-ffiamazon-linux-2023-upgrade-php8-2-ffi-debuginfoamazon-linux-2023-upgrade-php8-2-fpmamazon-linux-2023-upgrade-php8-2-fpm-debuginfoamazon-linux-2023-upgrade-php8-2-gdamazon-linux-2023-upgrade-php8-2-gd-debuginfoamazon-linux-2023-upgrade-php8-2-gmpamazon-linux-2023-upgrade-php8-2-gmp-debuginfoamazon-linux-2023-upgrade-php8-2-intlamazon-linux-2023-upgrade-php8-2-intl-debuginfoamazon-linux-2023-upgrade-php8-2-ldapamazon-linux-2023-upgrade-php8-2-ldap-debuginfoamazon-linux-2023-upgrade-php8-2-mbstringamazon-linux-2023-upgrade-php8-2-mbstring-debuginfoamazon-linux-2023-upgrade-php8-2-mysqlndamazon-linux-2023-upgrade-php8-2-mysqlnd-debuginfoamazon-linux-2023-upgrade-php8-2-odbcamazon-linux-2023-upgrade-php8-2-odbc-debuginfoamazon-linux-2023-upgrade-php8-2-opcacheamazon-linux-2023-upgrade-php8-2-opcache-debuginfoamazon-linux-2023-upgrade-php8-2-pdoamazon-linux-2023-upgrade-php8-2-pdo-debuginfoamazon-linux-2023-upgrade-php8-2-pgsqlamazon-linux-2023-upgrade-php8-2-pgsql-debuginfoamazon-linux-2023-upgrade-php8-2-processamazon-linux-2023-upgrade-php8-2-process-debuginfoamazon-linux-2023-upgrade-php8-2-pspellamazon-linux-2023-upgrade-php8-2-pspell-debuginfoamazon-linux-2023-upgrade-php8-2-snmpamazon-linux-2023-upgrade-php8-2-snmp-debuginfoamazon-linux-2023-upgrade-php8-2-soapamazon-linux-2023-upgrade-php8-2-soap-debuginfoamazon-linux-2023-upgrade-php8-2-sodiumamazon-linux-2023-upgrade-php8-2-sodium-debuginfoamazon-linux-2023-upgrade-php8-2-tidyamazon-linux-2023-upgrade-php8-2-tidy-debuginfoamazon-linux-2023-upgrade-php8-2-xmlamazon-linux-2023-upgrade-php8-2-xml-debuginfoamazon-linux-2023-upgrade-php8-2-zipamazon-linux-2023-upgrade-php8-2-zip-debuginfoamazon-linux-2023-upgrade-php8-3amazon-linux-2023-upgrade-php8-3-bcmathamazon-linux-2023-upgrade-php8-3-bcmath-debuginfoamazon-linux-2023-upgrade-php8-3-cliamazon-linux-2023-upgrade-php8-3-cli-debuginfoamazon-linux-2023-upgrade-php8-3-commonamazon-linux-2023-upgrade-php8-3-common-debuginfoamazon-linux-2023-upgrade-php8-3-dbaamazon-linux-2023-upgrade-php8-3-dba-debuginfoamazon-linux-2023-upgrade-php8-3-dbgamazon-linux-2023-upgrade-php8-3-dbg-debuginfoamazon-linux-2023-upgrade-php8-3-debuginfoamazon-linux-2023-upgrade-php8-3-debugsourceamazon-linux-2023-upgrade-php8-3-develamazon-linux-2023-upgrade-php8-3-embeddedamazon-linux-2023-upgrade-php8-3-embedded-debuginfoamazon-linux-2023-upgrade-php8-3-enchantamazon-linux-2023-upgrade-php8-3-enchant-debuginfoamazon-linux-2023-upgrade-php8-3-ffiamazon-linux-2023-upgrade-php8-3-ffi-debuginfoamazon-linux-2023-upgrade-php8-3-fpmamazon-linux-2023-upgrade-php8-3-fpm-debuginfoamazon-linux-2023-upgrade-php8-3-gdamazon-linux-2023-upgrade-php8-3-gd-debuginfoamazon-linux-2023-upgrade-php8-3-gmpamazon-linux-2023-upgrade-php8-3-gmp-debuginfoamazon-linux-2023-upgrade-php8-3-intlamazon-linux-2023-upgrade-php8-3-intl-debuginfoamazon-linux-2023-upgrade-php8-3-ldapamazon-linux-2023-upgrade-php8-3-ldap-debuginfoamazon-linux-2023-upgrade-php8-3-mbstringamazon-linux-2023-upgrade-php8-3-mbstring-debuginfoamazon-linux-2023-upgrade-php8-3-modphpamazon-linux-2023-upgrade-php8-3-modphp-debuginfoamazon-linux-2023-upgrade-php8-3-mysqlndamazon-linux-2023-upgrade-php8-3-mysqlnd-debuginfoamazon-linux-2023-upgrade-php8-3-odbcamazon-linux-2023-upgrade-php8-3-odbc-debuginfoamazon-linux-2023-upgrade-php8-3-opcacheamazon-linux-2023-upgrade-php8-3-opcache-debuginfoamazon-linux-2023-upgrade-php8-3-pdoamazon-linux-2023-upgrade-php8-3-pdo-debuginfoamazon-linux-2023-upgrade-php8-3-pgsqlamazon-linux-2023-upgrade-php8-3-pgsql-debuginfoamazon-linux-2023-upgrade-php8-3-processamazon-linux-2023-upgrade-php8-3-process-debuginfoamazon-linux-2023-upgrade-php8-3-pspellamazon-linux-2023-upgrade-php8-3-pspell-debuginfoamazon-linux-2023-upgrade-php8-3-snmpamazon-linux-2023-upgrade-php8-3-snmp-debuginfoamazon-linux-2023-upgrade-php8-3-soapamazon-linux-2023-upgrade-php8-3-soap-debuginfoamazon-linux-2023-upgrade-php8-3-sodiumamazon-linux-2023-upgrade-php8-3-sodium-debuginfoamazon-linux-2023-upgrade-php8-3-tidyamazon-linux-2023-upgrade-php8-3-tidy-debuginfoamazon-linux-2023-upgrade-php8-3-xmlamazon-linux-2023-upgrade-php8-3-xml-debuginfoamazon-linux-2023-upgrade-php8-3-zipamazon-linux-2023-upgrade-php8-3-zip-debuginfoamazon-linux-2023-upgrade-php8-4amazon-linux-2023-upgrade-php8-4-bcmathamazon-linux-2023-upgrade-php8-4-bcmath-debuginfoamazon-linux-2023-upgrade-php8-4-cliamazon-linux-2023-upgrade-php8-4-cli-debuginfoamazon-linux-2023-upgrade-php8-4-commonamazon-linux-2023-upgrade-php8-4-common-debuginfoamazon-linux-2023-upgrade-php8-4-dbaamazon-linux-2023-upgrade-php8-4-dba-debuginfoamazon-linux-2023-upgrade-php8-4-dbgamazon-linux-2023-upgrade-php8-4-dbg-debuginfoamazon-linux-2023-upgrade-php8-4-debuginfoamazon-linux-2023-upgrade-php8-4-debugsourceamazon-linux-2023-upgrade-php8-4-develamazon-linux-2023-upgrade-php8-4-embeddedamazon-linux-2023-upgrade-php8-4-embedded-debuginfoamazon-linux-2023-upgrade-php8-4-enchantamazon-linux-2023-upgrade-php8-4-enchant-debuginfoamazon-linux-2023-upgrade-php8-4-ffiamazon-linux-2023-upgrade-php8-4-ffi-debuginfoamazon-linux-2023-upgrade-php8-4-fpmamazon-linux-2023-upgrade-php8-4-fpm-debuginfoamazon-linux-2023-upgrade-php8-4-gdamazon-linux-2023-upgrade-php8-4-gd-debuginfoamazon-linux-2023-upgrade-php8-4-gmpamazon-linux-2023-upgrade-php8-4-gmp-debuginfoamazon-linux-2023-upgrade-php8-4-intlamazon-linux-2023-upgrade-php8-4-intl-debuginfoamazon-linux-2023-upgrade-php8-4-ldapamazon-linux-2023-upgrade-php8-4-ldap-debuginfoamazon-linux-2023-upgrade-php8-4-mbstringamazon-linux-2023-upgrade-php8-4-mbstring-debuginfoamazon-linux-2023-upgrade-php8-4-modphpamazon-linux-2023-upgrade-php8-4-modphp-debuginfoamazon-linux-2023-upgrade-php8-4-mysqlndamazon-linux-2023-upgrade-php8-4-mysqlnd-debuginfoamazon-linux-2023-upgrade-php8-4-odbcamazon-linux-2023-upgrade-php8-4-odbc-debuginfoamazon-linux-2023-upgrade-php8-4-opcacheamazon-linux-2023-upgrade-php8-4-opcache-debuginfoamazon-linux-2023-upgrade-php8-4-pdoamazon-linux-2023-upgrade-php8-4-pdo-debuginfoamazon-linux-2023-upgrade-php8-4-pgsqlamazon-linux-2023-upgrade-php8-4-pgsql-debuginfoamazon-linux-2023-upgrade-php8-4-processamazon-linux-2023-upgrade-php8-4-process-debuginfoamazon-linux-2023-upgrade-php8-4-snmpamazon-linux-2023-upgrade-php8-4-snmp-debuginfoamazon-linux-2023-upgrade-php8-4-soapamazon-linux-2023-upgrade-php8-4-soap-debuginfoamazon-linux-2023-upgrade-php8-4-sodiumamazon-linux-2023-upgrade-php8-4-sodium-debuginfoamazon-linux-2023-upgrade-php8-4-tidyamazon-linux-2023-upgrade-php8-4-tidy-debuginfoamazon-linux-2023-upgrade-php8-4-xmlamazon-linux-2023-upgrade-php8-4-xml-debuginfoamazon-linux-2023-upgrade-php8-4-zipamazon-linux-2023-upgrade-php8-4-zip-debuginfo
References
- CVE-2025-14178
- https://attackerkb.com/topics/CVE-2025-14178
- URL-https://alas.aws.amazon.com/AL2023/ALAS-2025-1352.html
- URL-https://alas.aws.amazon.com/AL2023/ALAS-2025-1353.html
- URL-https://alas.aws.amazon.com/AL2023/ALAS-2025-1354.html
- URL-https://alas.aws.amazon.com/AL2023/ALAS-2025-1355.html
- CWE-787
- CWE-190
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.