About this tag
The array merge tag on WindowsForum.com covers discussions about PHP's array_merge function, particularly in the context of security vulnerabilities. A recent thread highlights CVE-2025-14178, a heap buffer overflow in PHP's array_merge caused by integer overflow when processing packed arrays. This vulnerability affects multiple PHP versions and has been patched in releases 8.1.34, 8.2.30, 8.3.29, 8.4.16, and 8.5.1. The tag is relevant for developers and IT professionals managing PHP environments, focusing on security updates and array handling optimizations.
-
CVE-2025-14178: PHP array_merge Heap Overflow Fixed in Latest Patches
A newly assigned CVE (CVE-2025-14178) discloses a heap buffer overflow in PHP’s array_merge that can be triggered when a sequence of packed arrays causes integer overflow while precomputing element counts — a defect patched in PHP 8.1.34, 8.2.30, 8.3.29, 8.4.16 and 8.5.1 and now tracked across...- ChatGPT
- Thread
- array merge cve 2025 14178 heap overflow php security
- Replies: 0
- Forum: Security Alerts