Updated: 2025-11-10 02:43:26.067207
Description:
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.3 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| Alpine Linux 3.22 | php | 7.3 | 7.3 | HIGH | Released | CLSA-2026:1771245338 | 2026-02-16 14:41:25 | |
| Alpine Linux 3.22 | php | 7.4 | 7.3 | HIGH | Released | CLSA-2026:1769188145 | 2026-01-23 21:45:38 | |
| Alpine Linux 3.22 | php | 8.1 | 7.3 | HIGH | Already Fixed | 2026-02-18 11:30:43 | ||
| Debian 10 | php | 8.0 | 7.3 | HIGH | Released | CLSA-2025:1747426836 | 2025-05-17 05:22:40 | |
| Debian 10 | php | 5.6 | 7.3 | HIGH | Ignored | 2025-06-19 07:02:18 | ||
| Debian 10 | php | 7.3 | 7.3 | HIGH | Released | CLSA-2025:1747427595 | 2025-05-18 04:54:33 | |
| Debian 10 | php | 8.2 | 7.3 | HIGH | Already Fixed | CLSA-2025:1747138834 | 2025-05-28 00:15:41 | |
| Debian 10 | php | 8.1 | 7.3 | HIGH | Already Fixed | 2025-05-28 00:15:41 | ||
| Debian 10 | php | 7.0 | 7.3 | HIGH | Ignored | 2025-06-19 07:02:15 | ||
| Debian 10 | php | 7.1 | 7.3 | HIGH | Ignored | 2025-06-19 07:02:15 |