Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Debian php8.4 Critical Memory Corruption DSA-6377-1 CVE-2026-14355

debian
Calendar Grey July 4, 2026
Debian Logo
Discover a critical buffer overflow in PHP's OpenSSL extension patched in Debian DSA-6377-1.
It was discovered that a buffer overflow in the implementation of AES Key Wrap with Padding in the openssl extension of PHP, a widely-used open source general purpose scripting lan...

Summary

For the stable distribution (trixie), this problem has been fixed in
version 8.4.23-1~deb13u1.

We recommend that you upgrade your php8.4 packages.

For the detailed security status of php8.4 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php8.4

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Package: php8.4
CVE ID: CVE-2026-14355

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here