
Null byte termination in dns_get_record()

Low
bukka published GHSA-www2-q4fc-65wf Dec 18, 2025

Package

No package listed

Affected versions

< 8.1.34
< 8.2.30
< 8.3.29
< 8.4.16
< 8.5.1

Patched versions

8.1.34
8.2.30
8.3.29
8.4.16
8.5.1

Description

Summary

As in GHSA-3cr5-j632-f35r, the same null byte termination occurs here.

Details

dns_get_record() and the other DNS functions do not check whether the hostname contains a null byte, which can lead to SSRF or other unexpected behavior.

PoC

<?php

var_dump(dns_get_record("php.net\0aa"));

Result: the DNS records of php.net are returned.
Expected: the call fails.
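
An application-side guard for builds older than the patched versions, as an added example that is not part of the advisory or of PHP itself: it rejects a hostname containing a null byte before dns_get_record() is ever called. The helper names assert_dns_hostname() and safe_dns_get_record() and the label syntax rules are assumptions, and the inputs are constructed.

```php
<?php
declare(strict_types=1);

// Added example: assert_dns_hostname() and safe_dns_get_record() are
// hypothetical helpers, not part of PHP.
function assert_dns_hostname(string $host): string
{
    // C code stops reading at a null byte, so the resolver would only see
    // the part before it. Reject instead of truncating.
    if (strpos($host, "\0") !== false) {
        throw new InvalidArgumentException('hostname contains a null byte');
    }
    // Allow one trailing dot (fully qualified form), then check lengths.
    $name = str_ends_with($host, '.') ? substr($host, 0, -1) : $host;
    if ($name === '' || strlen($name) > 253) {
        throw new InvalidArgumentException('hostname length out of range');
    }
    // Each label: 1-63 chars of letters, digits, '-' or '_', no edge hyphen.
    $label = '/\A[A-Za-z0-9_](?:[A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?\z/';
    foreach (explode('.', $name) as $part) {
        if (preg_match($label, $part) !== 1) {
            throw new InvalidArgumentException('invalid hostname label');
        }
    }
    return $name;
}

function safe_dns_get_record(string $host, int $type = DNS_ANY): array|false
{
    // Only a validated name ever reaches the resolver.
    return dns_get_record(assert_dns_hostname($host), $type);
}

// Constructed inputs. Only the validation runs here; no DNS query is sent.
foreach (["php.net", "php.net.", "php.net\0aa", "-bad-.example"] as $input) {
    try {
        $name = assert_dns_hostname($input);
        echo json_encode($input), ' => accepted as ', json_encode($name), "\n";
    } catch (InvalidArgumentException $e) {
        echo json_encode($input), ' => rejected: ', $e->getMessage(), "\n";
    }
}
```

The same check applies to any value that later feeds the other DNS functions the advisory mentions, and it should run on the exact string passed to the resolver, not on a copy validated earlier.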

Security impact

Possibility of SSRF, even though the likelihood is very low.

Severity

Low

CVE ID

No known CVE

Weaknesses

No CWEs

Credits