Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-14355
Received
More InfoOfficial Page
Source-security@php.net
View Known Exploited Vulnerability (KEV) details
Published At-03 Jul, 2026 | 21:16
Updated At-04 Jul, 2026 | 16:17

In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without accounting for RFC 5649 expansion. This may cause OpenSSL to write beyond allocated memory, corrupting heap metadata and triggering application abort.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.6MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 5.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-122Secondarysecurity@php.net
CWE ID: CWE-122
Type: Secondary
Source: security@php.net
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/php/php-src/security/advisories/GHSA-7jrw-539f-x6vrsecurity@php.net
N/A
https://lists.debian.org/debian-lts-announce/2026/07/msg00010.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://github.com/php/php-src/security/advisories/GHSA-7jrw-539f-x6vr
Source: security@php.net
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2026/07/msg00010.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found

Details not found