Bug 2425625 (CVE-2025-14178) - CVE-2025-14178 php: heap-based buffer overflow in array_merge()
Summary: CVE-2025-14178 php: heap-based buffer overflow in array_merge()
Keywords:
Status: NEW
Alias: CVE-2025-14178
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-12-27 20:01 UTC by OSIDB Bzimport
Modified: 2026-02-17 10:42 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:1169 0 None None None 2026-01-26 10:24:23 UTC
Red Hat Product Errata RHSA-2026:1185 0 None None None 2026-01-26 11:35:59 UTC
Red Hat Product Errata RHSA-2026:1187 0 None None None 2026-01-26 12:05:42 UTC
Red Hat Product Errata RHSA-2026:1190 0 None None None 2026-01-26 12:47:39 UTC
Red Hat Product Errata RHSA-2026:1409 0 None None None 2026-01-27 17:55:29 UTC
Red Hat Product Errata RHSA-2026:1412 0 None None None 2026-01-27 17:30:03 UTC
Red Hat Product Errata RHSA-2026:1429 0 None None None 2026-01-27 19:25:51 UTC
Red Hat Product Errata RHSA-2026:1628 0 None None None 2026-02-02 01:48:41 UTC
Red Hat Product Errata RHSA-2026:2470 0 None None None 2026-02-10 20:13:50 UTC
Red Hat Product Errata RHSA-2026:2799 0 None None None 2026-02-17 10:42:17 UTC

Description OSIDB Bzimport 2025-12-27 20:01:08 UTC 
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.
Comment 2 errata-xmlrpc 2026-01-26 10:24:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:1169 https://access.redhat.com/errata/RHSA-2026:1169
Comment 3 errata-xmlrpc 2026-01-26 11:35:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:1185 https://access.redhat.com/errata/RHSA-2026:1185
Comment 4 errata-xmlrpc 2026-01-26 12:05:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:1187 https://access.redhat.com/errata/RHSA-2026:1187
Comment 5 errata-xmlrpc 2026-01-26 12:47:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:1190 https://access.redhat.com/errata/RHSA-2026:1190
Comment 6 errata-xmlrpc 2026-01-27 17:30:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:1412 https://access.redhat.com/errata/RHSA-2026:1412
Comment 7 errata-xmlrpc 2026-01-27 17:55:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:1409 https://access.redhat.com/errata/RHSA-2026:1409
Comment 8 errata-xmlrpc 2026-01-27 19:25:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:1429 https://access.redhat.com/errata/RHSA-2026:1429
Comment 9 errata-xmlrpc 2026-02-02 01:48:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:1628 https://access.redhat.com/errata/RHSA-2026:1628
Comment 10 errata-xmlrpc 2026-02-10 20:13:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:2470 https://access.redhat.com/errata/RHSA-2026:2470
Comment 11 errata-xmlrpc 2026-02-17 10:42:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:2799 https://access.redhat.com/errata/RHSA-2026:2799
Note You need to log in before you can comment on or make changes to this bug.