| Name | CVE-2025-14179 |
| Description | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat(), which stops at the NUL byte, dropping the closing quote and causing subsequent SQL tokens to be interpreted as part of the string. This allows SQL injection when attacker-controlled values are quoted via PDO::quote() and embedded in SQLÂ statements. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-6255-1, DSA-6256-1 |
| Debian Bugs | 1136054 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| php7.4 (PTS) | bullseye | 7.4.33-1+deb11u5 | fixed |
| bullseye (security) | 7.4.33-1+deb11u11 | fixed | |
| php8.2 (PTS) | bookworm, bookworm (security) | 8.2.31-1~deb12u1 | fixed |
| php8.4 (PTS) | trixie | 8.4.16-1~deb13u1 | vulnerable |
| trixie (security) | 8.4.21-1~deb13u1 | fixed | |
| forky, sid | 8.4.21-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| php7.4 | source | (unstable) | (not affected) | |||
| php8.2 | source | bookworm | 8.2.31-1~deb12u1 | DSA-6255-1 | ||
| php8.2 | source | (unstable) | (unfixed) | |||
| php8.4 | source | trixie | 8.4.21-1~deb13u1 | DSA-6256-1 | ||
| php8.4 | source | (unstable) | 8.4.21-1 | 1136054 |
- php7.4 <not-affected> (Vulnerable code introduced later)
https://github.com/php/php-src/security/advisories/GHSA-w476-322c-wpvm
https://github.com/php/php-src/commit/3f40b65323dd1b85e9bab6878237d3867e449d5c
Introduced with: https://github.com/php/php-src/commit/17a789e27c31ca13ba4bab6fcfc265d2dd0589a2 (php-8.0.0RC2)