Stream HTTP wrapper header check might omit basic auth header

Content

Details

Currently the header check in check_has_header does not verify \r, which could lead to misbehaviour if only \n is used in a header value. If this value is provided by the user and not checked properly (for example a cookie value, which is not unlikely to be taken, at least partially, from user input), then the user could specify something like Cookie: x=y\nauthorization:x\r\n. If the URL has a user part in it, this can disable sending of the authorization header. That could impact the result and potentially lead to DoS or to other unexpected issues.
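The difference between a check that accepts a bare \n as a line start and one that requires \r\n, as an added example; this is a simplified model written for this page, not the php-src code, and the function names and sample strings are assumptions:

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample header strings (not taken from php-src). */
static const char *SAMPLE_BARE_LF = "Cookie: x=y\nauthorization:x\r\n";
static const char *SAMPLE_CRLF = "Cookie: x=y\r\nAuthorization: Basic eA==\r\n";

/* Hypothetical helper: does `name` begin a header line in `headers`?
 * With crlf_only == false any '\n' counts as a line break (the lenient
 * behaviour the advisory describes); with true only "\r\n" does. */
static bool has_header(const char *headers, const char *name, bool crlf_only)
{
    size_t n = strlen(name);
    for (const char *s = headers; *s; s++) {
        bool start = (s == headers);
        if (!start && s[-1] == '\n')
            start = !crlf_only || (s - headers >= 2 && s[-2] == '\r');
        if (start && strncasecmp(s, name, n) == 0)
            return true;
    }
    return false;
}

static bool has_header_lenient(const char *h, const char *name) { return has_header(h, name, false); }
static bool has_header_strict(const char *h, const char *name) { return has_header(h, name, true); }

/* Caller-side guard (an assumption about how an application would
 * validate input): refuse any header value containing CR or LF. */
static bool header_value_is_safe(const char *value)
{
    return strpbrk(value, "\r\n") == NULL;
}

int main(void)
{
    /* Lenient: the text after the bare LF is taken for a real header, so a
     * caller relying on this result would not add its own credentials. */
    printf("lenient, bare LF: %d\n", has_header_lenient(SAMPLE_BARE_LF, "authorization:"));
    printf("strict,  bare LF: %d\n", has_header_strict(SAMPLE_BARE_LF, "authorization:"));
    printf("strict,  CRLF:    %d\n", has_header_strict(SAMPLE_CRLF, "authorization:"));
    printf("value safe:       %d\n", header_value_is_safe("x=y\nauthorization:x"));
    return 0;
}
```

Rejecting CR and LF in user-supplied values before they reach the header list covers the other headers checked the same way, independent of the runtime fix.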

Impact

Preventing the authorization header from being sent.

There are also some implications for other headers, such as user-agent and others checked by this function. The impact is less likely, but there could possibly be some security implications as well.

Linked CVEs

CVE ID Severity (CVE.org) CVSS (CVE.org) EPSS EPSS-% Published (CVE.org)

CVE-2025-1736 - - - -

Source details

Label: PHP Security (php/php-src GHSA)
Name: php_sec
Category: vendor_advisory
Tags: php, runtime
Audience: -
Language: de
Feed URL: https://github.com/php/php-src/security/advisories