VDB
GCVE-110-MAGEIA-2024-262
GCVE-110-MAGEIA-2024-262
Advisory Published
This update ships the latest version of php 8.2. It brings fixed
security issues and the usual bug fixes.
Vulnerability:
A code logic error, filtering functions such as filter_var when
validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the
function will result in invalid user information (username + password
part of URLs) being treated as valid user information. This may lead to
the downstream code accepting invalid URLs as valid and parsing them
incorrectly. (CVE-2024-5458)
Notable fixes:
DOM:
Fixed bug GH-14343 (Memory leak in xml and dom).
FPM:
Fixed bug GH-13563 (Setting bool values via env in FPM config fails).
MySQLnd:
Fix bug GH-14255 (mysqli_fetch_assoc reports error from nested query).
Posix:
Fix usage of reentrant functions in ext/posix.
Soap:
Various memory issues
SPL:
Fixed bug GH-14290 (Member access within null pointer in extension
spl).
Streams:
Fixed bug GH-11078 (PHP Fatal error triggers pointer being freed was
not allocated and malloc: double free for ptr errors).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | php | 8.2.21-2.mga9 (unaffected), 0 (affected) | — |
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.