From 05859c4f34cfb0b8e2c1dddfb933379ac77d45a1 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 30 Mar 2025 06:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2025/1xxx/CVE-2025-1219.json | 96 +++++++++++++++++++++++++++++++++--
2025/1xxx/CVE-2025-1734.json | 97 ++++++++++++++++++++++++++++++++++--
2025/1xxx/CVE-2025-1736.json | 97 ++++++++++++++++++++++++++++++++++--
2025/1xxx/CVE-2025-1861.json | 97 ++++++++++++++++++++++++++++++++++--
2025/2xxx/CVE-2025-2962.json | 18 +++++++
5 files changed, 385 insertions(+), 20 deletions(-)
create mode 100644 2025/2xxx/CVE-2025-2962.json
diff --git a/2025/1xxx/CVE-2025-1219.json b/2025/1xxx/CVE-2025-1219.json
index e31a49e7068..b72e068d73a 100644
--- a/2025/1xxx/CVE-2025-1219.json
+++ b/2025/1xxx/CVE-2025-1219.json
@@ -1,18 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1219", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@php.net", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type\u00a0header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHP Group", + "product": { + "product_data": [ + { + "product_name": "PHP", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "8.1.32", + "status": "affected", + "version": "8.1.*", + "versionType": "semver" + }, + { + "lessThan": "8.2.28", + "status": "affected", + "version": "8.2.*", + "versionType": "semver" + }, + { + "lessThan": "8.3.19", + "status": "affected", + "version": "8.3.*", + "versionType": "semver" + }, + { + "lessThan": "8.4.5", + "status": "affected", + "version": "8.4.*", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc", + 
"refsource": "MISC", + "name": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7", + "discovery": "INTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Tim D\u00fcsterhus" + } + ] } \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1734.json b/2025/1xxx/CVE-2025-1734.json index 582c8a9c518..55ae6f410ed 100644 --- a/2025/1xxx/CVE-2025-1734.json +++ b/2025/1xxx/CVE-2025-1734.json 
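Review bot: The `source.advisory` value in the CVE-2025-1219 hunk is cut short: it reads `https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7`, while the reference URL in the same record ends in `GHSA-p3x9-6h7p-cgfc`, so the advisory link is unlikely to resolve. The same truncation appears in the CVE-2025-1734, CVE-2025-1736 and CVE-2025-1861 hunks (`GHSA-pcmh-g36`, `GHSA-hgf5-96f`, `GHSA-52jp-hrp`). Each field should carry the full identifier, here `"advisory": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc"`, otherwise tooling that keys on `source.advisory` cannot correlate the record with the vendor advisory. This record also sets its problemtype to `n/a`, unlike the other three, so CWE-based triage filters will pass over it.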
@@ -1,18 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1734", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@php.net", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHP Group", + "product": { + "product_data": [ + { + "product_name": "PHP", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "8.1.32", + "status": "affected", + "version": "8.1.*", + "versionType": "semver" + }, + { + "lessThan": "8.2.28", + "status": "affected", + "version": "8.2.*", + "versionType": "semver" + }, + { + "lessThan": "8.3.19", + "status": "affected", + "version": "8.3.*", + "versionType": "semver" + }, + { + "lessThan": "8.4.5", + "status": "affected", + "version": "8.4.*", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44", + "refsource": "MISC", + "name": 
"https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36", + "discovery": "INTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Jakub Zelenka" + } + ] } \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1736.json b/2025/1xxx/CVE-2025-1736.json index dfa70337c7d..7f68e3a25c9 100644 --- a/2025/1xxx/CVE-2025-1736.json +++ b/2025/1xxx/CVE-2025-1736.json 
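Review bot: `"defaultStatus": "affected"` in `x_cve_json_5_version_data` conflicts with the four bounded ranges listed above it: in the CVE JSON 5 version model the default applies to every version that no listed range matches, which here includes the fixed releases 8.1.32, 8.2.28, 8.3.19 and 8.4.5. A scanner that honours the field would keep flagging patched installs. If the intent is only to cover older end-of-life branches, that is better expressed as explicit ranges together with `"defaultStatus": "unaffected"` (or `"unknown"`). The identical block is present in the CVE-2025-1219, CVE-2025-1736 and CVE-2025-1861 hunks. The range starts such as `"version": "8.1.*"` are also not semver versions despite `"versionType": "semver"`, so strict comparators may fail to parse them.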
@@ -1,18 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1736", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@php.net", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHP Group", + "product": { + "product_data": [ + { + "product_name": "PHP", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "8.1.32", + "status": "affected", + "version": "8.1.*", + "versionType": "semver" + }, + { + "lessThan": "8.2.28", + "status": "affected", + "version": "8.2.*", + "versionType": "semver" + }, + { + "lessThan": "8.3.19", + "status": "affected", + "version": "8.3.*", + "versionType": "semver" + }, + { + "lessThan": "8.4.5", + "status": "affected", + "version": "8.4.*", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528", + "refsource": "MISC", + "name": 
"https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "https://github.com/php/php-src/security/advisories/GHSA-hgf5-96f", + "discovery": "INTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Jakub Zelenka" + } + ] } \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1861.json b/2025/1xxx/CVE-2025-1861.json index e649b871abd..332caa2d878 100644 --- a/2025/1xxx/CVE-2025-1861.json +++ b/2025/1xxx/CVE-2025-1861.json 
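Review bot: The problemtype for CVE-2025-1736 is the generic `CWE-20 Improper Input Validation`, while the description is specifically about insufficient validation of end-of-line characters in user-supplied headers. That reads like CRLF handling in HTTP headers, for which CWE-113 (or its parent CWE-93) would be a closer fit and would let weakness-based triage group the record correctly; this is inferred from the description text only, so the CNA should confirm. The description also has a slip, `lead to certain headers be misinterpreted`, which should read `lead to certain headers being misinterpreted`.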
@@ -1,18 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1861", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@php.net", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-131 Incorrect Calculation of Buffer Size", + "cweId": "CWE-131" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHP Group", + "product": { + "product_data": [ + { + "product_name": "PHP", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "8.1.32", + "status": "affected", + "version": "8.1.*", + "versionType": "semver" + }, + { + "lessThan": "8.2.28", + "status": "affected", + "version": "8.2.*", + "versionType": "semver" + }, + { + "lessThan": "8.3.19", + "status": "affected", + "version": "8.3.*", + "versionType": "semver" + }, + { + "lessThan": "8.4.5", + "status": "affected", + "version": "8.4.*", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + 
"reference_data": [ + { + "url": "https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff", + "refsource": "MISC", + "name": "https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "https://github.com/php/php-src/security/advisories/GHSA-52jp-hrp", + "discovery": "INTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Jakub Zelenka" + } + ] } \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2962.json b/2025/2xxx/CVE-2025-2962.json new file mode 100644 index 00000000000..27f91719d0e --- /dev/null +++ b/2025/2xxx/CVE-2025-2962.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2962", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
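Review bot: The key sentence of the CVE-2025-1861 description is ungrammatical and time-relative: `there is currently limit on the location value size caused by limited size of the location buffer to 1024`. Wording such as `the location value is truncated because the location buffer is limited to 1024` says the same thing without "currently", which stops being accurate for readers on the fixed versions. The assigned `CWE-131 Incorrect Calculation of Buffer Size` also looks loose for what the text describes, a fixed limit that causes truncation and not a miscalculated allocation; worth confirming with the CNA.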