php: PHP Hostname Null Character Vulnerability

Publication Date 2025-07-13
Severity Low
Type Cross-Site Request Forgery
Affected PHP Versions
Fixed Product Versions

CVE Details

A flaw was found in PHP. The fsockopen() function and related functions fail to validate NULL characters within the provided hostname, potentially leading to unexpected behavior during parsing. This flaw allows a network attacker to supply a specially crafted hostname. This issue can result in a denial of service due to parsing errors.
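
An application-level input check for the condition described above, added here as an example and not taken from the advisory or from PHP itself. The helpers `assert_safe_hostname()` and `open_checked_socket()` are hypothetical names, and the sample hostnames are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of PHP or the advisory): validate a
// caller-supplied host before it reaches fsockopen() or a related function.
function assert_safe_hostname(string $host): string
{
    // Reject NUL and all other ASCII control bytes instead of stripping them:
    // a value that needs cleaning is not the host the caller believes it is.
    if (preg_match('/[\x00-\x1F\x7F]/', $host) === 1) {
        throw new InvalidArgumentException('control character in hostname');
    }
    if ($host === '' || strlen($host) > 253) {
        throw new InvalidArgumentException('hostname length out of range');
    }
    // Accept an IP literal, otherwise require a syntactically valid DNS name.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return $host;
    }
    if (filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) {
        throw new InvalidArgumentException('not a valid hostname');
    }
    return $host;
}

// Hypothetical wrapper: only validated hosts are handed to fsockopen().
function open_checked_socket(string $host, int $port, float $timeout = 5.0)
{
    $host = assert_safe_hostname($host);
    $fp = @fsockopen($host, $port, $errno, $errstr, $timeout);
    if ($fp === false) {
        throw new RuntimeException("connect failed: [$errno] $errstr");
    }
    return $fp;
}

// Constructed sample inputs; no network connection is made here.
$samples = ["example.com", "example.com\0.internal.test", "192.0.2.10", "bad host"];
foreach ($samples as $s) {
    $shown = addcslashes($s, "\0..\37"); // make control bytes visible
    try {
        assert_safe_hostname($s);
        echo "$shown: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$shown: rejected ({$e->getMessage()})\n";
    }
}
```

The validator accepts bare hosts only, so a transport prefix such as `tls://` has to be prepended by the caller after validation, not passed in as part of the untrusted value.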

Recommendations

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.