GHSA-52jp-hrpf-2jff

Published: 13 Mar 2025
Source: github
GitHub: not reviewed

Description

Stream HTTP wrapper truncate redirect location to 1024 bytes

There is currently a limit on the size of the Location header value, caused by the location buffer being limited to 1024 bytes. However, as per https://www.rfc-editor.org/rfc/rfc9110#name-uri-references , the recommended limit is 8000. Browser limits are usually around 2048, so 1024 is really too low and may have a real impact in practice.

Impact

The URI truncation might result in omitting some critical information (e.g. from the query string) or even in redirection to a different resource. It could even result in a DoS of the remote site if the truncated URL results in an error.
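To make the impact concrete, the following is an added Python example, not PHP's own code and not part of this advisory. It emulates copying a redirect's Location header into a fixed 1024-byte buffer (a bounded copy keeps at most size-1 bytes), resolves the result against the request URL the way a client would, and reports which query parameters or path components the client would lose. The request URL, host names and header values are constructed for the example; the 1024-byte buffer size and the 8000-byte RFC 9110 recommendation are the values the advisory states.

```python
"""Constructed demonstration of a 1024-byte Location buffer truncating a redirect.

Added example, not PHP's code: it emulates a bounded copy of the Location
header into a fixed-size buffer and reports what the client would lose.
"""
from typing import Optional
from urllib.parse import parse_qs, urljoin, urlsplit

LOCATION_BUFFER_SIZE = 1024   # buffer size named in the advisory
RFC9110_RECOMMENDED = 8000    # URI length RFC 9110 recommends supporting


def extract_location(raw_response: bytes) -> Optional[str]:
    """Pull the Location header value out of a raw HTTP response head."""
    head = raw_response.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"location":
            return value.strip().decode("latin-1")
    return None


def bounded_copy(value: str, buffer_size: Optional[int]) -> str:
    """Copy into a buffer of buffer_size bytes (size-1 survive); None = no limit."""
    if buffer_size is None:
        return value
    return value.encode("latin-1")[: buffer_size - 1].decode("latin-1")


def resolve_redirect(request_url: str, raw_response: bytes,
                     buffer_size: Optional[int] = LOCATION_BUFFER_SIZE) -> Optional[str]:
    """Absolute URL a client with the given Location buffer size would follow."""
    location = extract_location(raw_response)
    if location is None:
        return None
    return urljoin(request_url, bounded_copy(location, buffer_size))


def truncation_report(request_url: str, raw_response: bytes,
                      buffer_size: int = LOCATION_BUFFER_SIZE) -> dict:
    """Compare the intended redirect target with the one the truncating client follows."""
    intended = resolve_redirect(request_url, raw_response, None)
    followed = resolve_redirect(request_url, raw_response, buffer_size)
    if intended is None:
        return {"truncated": False}
    want, got = urlsplit(intended), urlsplit(followed)
    want_q, got_q = parse_qs(want.query), parse_qs(got.query)
    return {
        "truncated": intended != followed,
        "lost_bytes": len(intended) - len(followed),
        "path_changed": want.path != got.path,                       # lands on another resource
        "params_missing": sorted(k for k in want_q if k not in got_q),
        "params_altered": sorted(k for k in want_q if k in got_q and want_q[k] != got_q[k]),
        "exceeds_rfc_recommendation": len(intended) > RFC9110_RECOMMENDED,
    }


# --- constructed sample responses (not captured traffic) ---
REQUEST_URL = "https://app.example/login"
LONG_LOCATION = ("https://sso.example/callback?state=" + "A" * 1100
                 + "&token=SECRET_TOKEN_VALUE&next=/account")
LONG_REDIRECT = (b"HTTP/1.1 302 Found\r\nLocation: " + LONG_LOCATION.encode("latin-1")
                 + b"\r\nContent-Length: 0\r\n\r\n")
SHORT_REDIRECT = b"HTTP/1.1 302 Found\r\nLocation: /account\r\nContent-Length: 0\r\n\r\n"
# A long path (no query) shows the other failure mode: the redirect lands on a different resource.
DEEP_PATH_REDIRECT = (b"HTTP/1.1 302 Found\r\nLocation: https://cdn.example/"
                      + b"d" * 1010 + b"/report.pdf\r\nContent-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for name, resp in (("long query", LONG_REDIRECT), ("short", SHORT_REDIRECT),
                       ("deep path", DEEP_PATH_REDIRECT)):
        print(name, truncation_report(REQUEST_URL, resp))
```

Running the script shows the long redirect losing its `token` and `next` parameters entirely and keeping only a shortened `state`, while the deep-path redirect resolves to a path that no longer exists on the target, which is the "redirection to other resources" and error-driven DoS case the advisory describes.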

Workarounds

There is no real workaround for this.

Packages

Package name      Affected versions   Fixed version
Not specified     < 8.1.32            8.1.32
Not specified     < 8.2.28            8.2.28
Not specified     < 8.3.18            8.3.19
Not specified     < 8.4.5             8.4.5

EPSS

Percentile: 27%
0.0009
Low

Related vulnerabilities

ubuntu
3 months ago

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing an HTTP redirect in the response to an HTTP request, there is currently a limit on the location value size caused by the limited size (1024) of the location buffer. However, as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.

CVSS3: 5.3
redhat
3 months ago

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing an HTTP redirect in the response to an HTTP request, there is currently a limit on the location value size caused by the limited size (1024) of the location buffer. However, as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.

nvd
3 months ago

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing an HTTP redirect in the response to an HTTP request, there is currently a limit on the location value size caused by the limited size (1024) of the location buffer. However, as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.

msrc
3 months ago

No description available

debian
3 months ago

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* ...
