In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.

Header parser of http stream wrapper does not handle folded headers

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* ...

Header parser of `http` stream wrapper does not handle folded headers

Уязвимость интерпретатора языка программирования PHP, связанная с недостатками обработки заголовков HTTP-запросов, позволяющая нарушителю отправить скрытый HTTP-запрос (атака типа HTTP Request Smuggling)

Moderate: php security update

ELSA-2025-7431: php security update (MODERATE)

Security update for php7

Security update for php7

Security update for php8

Security update for php8

Important: php security update

Important: php:8.3 security update

ELSA-2025-7489: php security update (IMPORTANT)

ELSA-2025-7418: php:8.3 security update (IMPORTANT)

Moderate: php:8.2 security update

Moderate: php:8.1 security update

Moderate: php:8.2 security update