Primary

Context

PHP Integer Overflow Vulnerability in ldap_escape Function on 32-Bit Systems

Vulnerability

Patched

An integer overflow vulnerability has been identified in PHP versions 8.1.* prior to 8.1.31, 8.2.* prior to 8.2.26, and 8.3.* prior to 8.3.14. This vulnerability arises from uncontrolled long string inputs to the ldap_escape() function on 32-bit systems, leading to an out-of-bounds write.

Impact

Exploitation of this vulnerability causes an integer overflow, resulting in an out-of-bounds write, which can potentially be exploited to overwrite memory and cause a heap-use-after-free condition.

Remediation

Users can upgrade to PHP versions 8.1.31, 8.2.26, or 8.3.14 to address this vulnerability.

Added: May 15, 2026, 11:58 AM

Updated: May 15, 2026, 11:58 AM

Vulnerability Rating

Custom Algorithm

spread

9.4

impact

0.6

exploitability

7.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.4

impact

0.6

exploitability

7.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PHP Integer Overflow Vulnerability in ldap_escape Function on 32-Bit Systems

Vulnerability

Impact

Remediation

Affected Products

PHP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating