In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.
Weakness
The source code contains comments that do not accurately describe or explain aspects of the portion of the code with which the comment is associated.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Php | Php | 8.1.0 (including) | 8.1.32 (excluding) |
| Php | Php | 8.2.0 (including) | 8.2.28 (excluding) |
| Php | Php | 8.3.0 (including) | 8.3.19 (excluding) |
| Php | Php | 8.4.0 (including) | 8.4.5 (excluding) |
| Red Hat Enterprise Linux 10 | RedHat | php-0:8.3.19-1.el10_0 | * |
| Red Hat Enterprise Linux 8 | RedHat | php:8.2-8100020250903052702.f7998665 | * |
| Red Hat Enterprise Linux 9 | RedHat | php:8.1-9050020250423093228.9 | * |
| Red Hat Enterprise Linux 9 | RedHat | php:8.3-9060020250409105946.9 | * |
| Red Hat Enterprise Linux 9 | RedHat | php-0:8.0.30-3.el9_6 | * |
| Red Hat Enterprise Linux 9 | RedHat | php:8.2-9060020250428130539.9 | * |
| Php7.4 | Ubuntu | esm-infra/focal | * |
| Php7.4 | Ubuntu | focal | * |
| Php8.1 | Ubuntu | jammy | * |
| Php8.3 | Ubuntu | noble | * |
| Php8.3 | Ubuntu | oracular | * |
| Php8.4 | Ubuntu | devel | * |
| Php8.4 | Ubuntu | plucky | * |
| Php8.4 | Ubuntu | questing | * |