{"id":"AZL-73198","summary":"CVE-2025-14178 affecting package php for versions less than 8.3.29-1","details":"In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.","modified":"2026-04-01T05:22:16.371682Z","published":"2025-12-27T20:15:40Z","upstream":["CVE-2025-14178"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14178"}],"affected":[{"package":{"name":"php","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/php"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.3.29-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73198.json"}}],"schema_version":"1.7.5"}