// vulnerability record
cached · NVD via COSMOS sync
CVE-2026-14355
MEDIUM · published 2026-07-03 21:16 UTC · 18 hours ago
5.6 CVSS / 10
// description
In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, and 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in the OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without accounting for RFC 5649 expansion. This may cause OpenSSL to write beyond allocated memory, corrupting heap metadata and triggering an application abort.
// weaknesses (CWE)
- CWE-122