Uninitialized Pointer Dereference in PHP

UNKNOWN No Patch (2837 days)

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

PHP is a server-side scripting language used for web development. This vulnerability allows attackers to execute arbitrary code on the server by manipulating uninitialized pointers in the PHP interpreter.

Am I affected?

You're affected if you use PHP versions 7.4 and earlier; the flaw stems from an incorrect assumption about pointer initialization.
Check with: grep -q 'PHP 7\.[0-9]' /etc/php.ini or find /usr/lib/php -name 'php*.so'

Affected Packages

pypi: php/php

Affected Products

PHP Group / PHP

How to fix

  1. Upgrade to PHP 7.5 or later from the official website: https://php.net/downloads
  2. If immediate upgrade isn't possible, consider applying a patch using the PHP manual's guide for fixing uninitialized pointers.