Red Hat Security Advisory: php:7.4 security update
A heap-based buffer overflow vulnerability exists in the PHP 7. 4 array_merge() function as identified in CVE-2025-14178. This vulnerability affects PHP packaged for Red Hat Enterprise Linux 8. 6 variants. Red Hat has issued a security advisory rating this issue as having a moderate security impact and has released an update to address it. The advisory provides instructions for applying the update to remediate the vulnerability.
AI Analysis
Technical Summary
CVE-2025-14178 is a heap-based buffer overflow vulnerability in the array_merge() function of PHP 7.4. This vulnerability is present in the PHP packages distributed with Red Hat Enterprise Linux 8.6 and related update services. Red Hat Product Security has classified the severity as moderate and released updated PHP packages to fix the issue. The advisory references Red Hat's errata RHSA-2026:4517 and provides links for patch application instructions. No CVSS score is provided in the advisory or CVE data.
Potential Impact
The vulnerability allows for a heap-based buffer overflow in PHP's array_merge() function, which could potentially lead to memory corruption. The Red Hat advisory rates the impact as moderate. There are no known exploits in the wild at this time. The vulnerability affects PHP installations on Red Hat Enterprise Linux 8.6 and related update services.
Mitigation Recommendations
Red Hat has released updated PHP 7.4 packages that address this vulnerability. Users of affected Red Hat Enterprise Linux 8.6 variants should apply the security update as described in Red Hat advisory RHSA-2026:4517 and the related update instructions at https://access.redhat.com/articles/11258. Applying this official update is the recommended remediation. Patch status is confirmed by the vendor advisory.
Red Hat Security Advisory: php:7.4 security update
Description
A heap-based buffer overflow vulnerability exists in the PHP 7. 4 array_merge() function as identified in CVE-2025-14178. This vulnerability affects PHP packaged for Red Hat Enterprise Linux 8. 6 variants. Red Hat has issued a security advisory rating this issue as having a moderate security impact and has released an update to address it. The advisory provides instructions for applying the update to remediate the vulnerability.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-14178 is a heap-based buffer overflow vulnerability in the array_merge() function of PHP 7.4. This vulnerability is present in the PHP packages distributed with Red Hat Enterprise Linux 8.6 and related update services. Red Hat Product Security has classified the severity as moderate and released updated PHP packages to fix the issue. The advisory references Red Hat's errata RHSA-2026:4517 and provides links for patch application instructions. No CVSS score is provided in the advisory or CVE data.
Potential Impact
The vulnerability allows for a heap-based buffer overflow in PHP's array_merge() function, which could potentially lead to memory corruption. The Red Hat advisory rates the impact as moderate. There are no known exploits in the wild at this time. The vulnerability affects PHP installations on Red Hat Enterprise Linux 8.6 and related update services.
Mitigation Recommendations
Red Hat has released updated PHP 7.4 packages that address this vulnerability. Users of affected Red Hat Enterprise Linux 8.6 variants should apply the security update as described in Red Hat advisory RHSA-2026:4517 and the related update instructions at https://access.redhat.com/articles/11258. Applying this official update is the recommended remediation. Patch status is confirmed by the vendor advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:4517
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a248d78e29bf47b50d651b7
Added to database: 6/6/2026, 9:13:28 PM
Last enriched: 6/6/2026, 9:20:26 PM
Last updated: 6/6/2026, 11:54:10 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.