Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
PHP NULL Pointer Dereference Vulnerability - CVE-2025-14180 - Vulnerability Database
PHP

PHP NULL Pointer Dereference Vulnerability - CVE-2025-14180

High
Reference: CVE-2025-14180
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-14180
Title: PHP NULL Pointer Dereference Vulnerability
Overview:

In PHP versions 8.1. before 8.1.34 8.2. before 8.2.30 8.3. before 8.3.29 8.4. before 8.4.16 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled an invalid character sequence (such as x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.