| Package | php7.3 |
|---|---|
| Version | 7.3.31-1~deb10u12 (buster) |
| Related CVEs | CVE-2025-14178 |
Security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in server side request forgery or denial of service.
- CVE-2025-14178
-
Heap buffer overflow in
array_merge(). - GHSA-www2-q4fc-65wf
-
dns_get_record()and other DNS functions don’t have any null contain check, which may lead to SSRF or unexpected behavior. While this has a (low) security impact, no CVE ID was assigned for this vulnerability yet.
For Debian 10 buster, these problems have been fixed in version 7.3.31-1~deb10u12.
We recommend that you upgrade your php7.3 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.