PHP HTTP Redirect Location Buffer Size Limitation Vulnerability

Vulnerability

PHP versions before 8.1.32, 8.2.28, 8.3.19 and 8.4.5 hold the value of an HTTP Location header in a fixed 1024-byte buffer while the http:// stream wrapper (the client behind file_get_contents(), fopen() and similar calls on http(s) URLs with follow_location enabled) follows a redirect. RFC 9110 recommends that senders and recipients support URIs of at least 8000 octets, so a redirect target can legitimately be several times larger than the buffer. A Location value longer than the buffer is silently cut short, and the wrapper then follows a URL other than the one the server sent. If the truncated URL maps to nothing valid, the remote site answers every such redirect with an error, which in some cases amounts to a denial-of-service condition for that site.

Impact

Because truncation drops the tail of the URL, anything carried at the end of the redirect target (query parameters such as session tokens, signatures or state values) is omitted from the request the client actually makes. The client is sent to the wrong resource, or receives an error from the remote site. The value is truncated rather than overflowed, so the effect is a wrong request, not memory corruption.

Remediation

Upgrade to PHP 8.1.32, 8.2.28, 8.3.19 or 8.4.5 (or a later release of the same branch). Code that must follow long redirects before an upgrade is possible can fetch through ext/curl instead, which does not use the stream wrapper's header buffer.
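The following script is an added example for checking a specific PHP build; it is not code from the PHP project or from this advisory. It uses one file in two roles: started under the built-in web server (php -S) it acts as the redirecting site, serving a 302 whose Location is about 1500 bytes long and a landing endpoint that echoes back the path it received; run directly from the CLI it spawns that server, fetches /start through the http:// stream wrapper, and compares what the landing endpoint saw with what was sent. It assumes a Unix-like host (it redirects the server's output to /dev/null), the php binary that runs the script, and that port 8089 on 127.0.0.1 is free; the port, path names and marker string are arbitrary choices for the demonstration.

```php
<?php
// redirect_truncation_check.php
// Added example, not part of the PHP project or this advisory. Assumes a Unix-like host
// (uses /dev/null), and that TCP port 8089 on 127.0.0.1 is free.
declare(strict_types=1);

const HOST = '127.0.0.1';
const PORT = 8089;        // assumed free local port
const TAIL_LEN = 1500;    // longer than the 1024-byte buffer, shorter than the 8000 octets RFC 9110 asks clients to support
const MARKER = '&end=1';  // sits at the very end of the redirect target, so it is lost if the URL is truncated

function landingPath(): string
{
    return '/landing?token=' . str_repeat('a', TAIL_LEN) . MARKER;
}

if (PHP_SAPI === 'cli-server') {
    // Server role: this file is also the router script for the `php -S` process started below.
    $uri = $_SERVER['REQUEST_URI'];
    if ($uri === '/start') {
        // Redirect whose absolute URL is well past 1024 bytes.
        header('Location: http://' . HOST . ':' . PORT . landingPath(), true, 302);
        exit;
    }
    // Landing endpoint: echo back exactly the request target the client used.
    header('Content-Type: text/plain');
    echo $uri;
    exit;
}

function waitForPort(string $host, int $port, float $timeout = 5.0): bool
{
    $deadline = microtime(true) + $timeout;
    while (microtime(true) < $deadline) {
        $sock = @fsockopen($host, $port, $errno, $errstr, 0.2);
        if ($sock !== false) {
            fclose($sock);
            return true;
        }
        usleep(100_000);
    }
    return false;
}

// Client role: spawn the built-in server with this file as its router, then follow the redirect
// through the http:// stream wrapper (the code path the advisory describes; ext/curl is not involved).
$server = proc_open(
    [PHP_BINARY, '-S', HOST . ':' . PORT, __FILE__],
    [1 => ['file', '/dev/null', 'w'], 2 => ['file', '/dev/null', 'w']],
    $pipes
);
if (!is_resource($server) || !waitForPort(HOST, PORT)) {
    fwrite(STDERR, "could not start the built-in server\n");
    exit(2);
}

try {
    $ctx = stream_context_create(['http' => [
        'follow_location' => 1,   // the default, made explicit: the wrapper follows the 302 itself
        'max_redirects'   => 3,
        'ignore_errors'   => true, // return the body even on a 4xx/5xx landing response
    ]]);
    $received = file_get_contents('http://' . HOST . ':' . PORT . '/start', false, $ctx);
} finally {
    proc_terminate($server);
    proc_close($server);
}

if ($received === false) {
    fwrite(STDERR, "request failed\n");
    exit(2);
}

$expected = landingPath();
printf("PHP %s\n", PHP_VERSION);
printf("redirect target path sent:     %d bytes\n", strlen($expected));
printf("path seen by landing endpoint: %d bytes\n", strlen($received));
if ($received === $expected) {
    echo "OK: Location followed intact\n";
    exit(0);
}
printf("AFFECTED: target truncated; trailing marker %s is %s\n",
    MARKER, str_ends_with($received, MARKER) ? 'present' : 'missing');
exit(1);
```

Run it as `php redirect_truncation_check.php`. The exit status (0 intact, 1 truncated, 2 setup failure) makes it usable from a CI job that validates a PHP image after the upgrade. The marker is placed last on purpose: a buffer that keeps only the first 1024 bytes of the absolute URL necessarily drops it, whichever exact byte the cut lands on.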

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  spread          9.4
  impact          2.5
  exploitability  6.4
  remediation     7.7
  relevance       0.0
  threat          0.0
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.