| Package | php7.0 |
|---|---|
| Version | 7.0.33-0+deb9u22 (stretch) |
| Related CVEs | CVE-2025-1220 CVE-2025-1735 CVE-2025-6491 |
- CVE-2025-1220
-
Jihwan Kim discovered that
fsockopen()lack validation that the hostname supplied does not contain null characters, which may lead to other functions likeparse_url()to treat the hostname in an incorrect way, thereby potentially causing Server Side Request Forgery. - CVE-2025-1735
-
It was discovered that
pgsqlandpdo_pgsqlescaping functions do not check if the underlying quoting functions returned errors, which may lead to crashes due to null pointer dereferences.This issue is related to CVE-2025-1094 which was reported to PostgreSQL.
- CVE-2025-6491
-
Ahmed Lekssays discovered that
SoapVarinstances created with a fully qualified name larger than 2G could lead to denial of service due to null pointer dereference.
For Debian 9 stretch, these problems have been fixed in version 7.0.33-0+deb9u22.
We recommend that you upgrade your php7.0 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.