CVE-2025-14180
Unknown Unknown - Not Provided
Null Pointer Dereference in PHP PDO PostgreSQL Causes Server Crash

Publication date: 2025-12-27

Last updated on: 2025-12-27

Assigner: PHP Group

Description
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-27
Last Modified
2025-12-27
Generated
2026-06-16
AI Q&A
2025-12-27
EPSS Evaluated
2026-06-14
NVD
CVE-2025-14180
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
php php 8.5
php php 8.2
php php 8.3
php php 8.1
php php 8.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The vulnerability can cause the PHP server to crash due to a null pointer dereference, resulting in segmentation faults. This affects the availability of the target server, potentially causing downtime or service interruptions.

Executive Summary

This vulnerability occurs in certain PHP versions when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled. If a prepared statement parameter contains an invalid character sequence (such as \x99), the quoting function PQescapeStringConn may return NULL. This causes a null pointer dereference in the pdo_parse_params() function, which can lead to crashes (segmentation faults) and affect the availability of the server.

Mitigation Strategies

To mitigate this vulnerability, immediately update PHP to a fixed version: 8.1.34 or later for the 8.1 branch, 8.2.30 or later for the 8.2 branch, 8.3.29 or later for the 8.3 branch, 8.4.16 or later for the 8.4 branch, or 8.5.1 or later for the 8.5 branch. Alternatively, if updating is not immediately possible, disable PDO::ATTR_EMULATE_PREPARES when using the PDO PostgreSQL driver to avoid triggering the issue.

Compliance Impact

The vulnerability leads to a denial of service (DoS) by causing crashes in the PHP process but does not result in loss of confidentiality or integrity. Therefore, it primarily affects availability. There is no direct indication that this vulnerability impacts compliance with standards like GDPR or HIPAA, which focus on data protection and privacy. However, availability issues could indirectly affect compliance if critical services are disrupted. [1]

Detection Guidance

This vulnerability can be detected by testing if your PHP environment with the PDO PostgreSQL driver and PDO::ATTR_EMULATE_PREPARES enabled crashes when executing prepared statements containing invalid byte sequences such as "\x99". For example, you can run a PHP script that prepares and executes a statement with a parameter containing an invalid character sequence (e.g., "alice\x99"). If the PHP process crashes with a segmentation fault, it indicates the vulnerability is present. There are no specific network detection commands provided. To test locally, you can use a PHP script similar to: ```php $pdo = new PDO('pgsql:host=localhost;dbname=test', 'user', 'pass', [PDO::ATTR_EMULATE_PREPARES => true]); $stmt = $pdo->prepare('SELECT * FROM users WHERE name = ?'); $stmt->execute(["alice\x99"]); ``` If this causes a crash, the vulnerability exists. Additionally, checking your PHP version against the fixed versions (8.1.34, 8.2.30, 8.3.29, 8.4.16, 8.5.1) can help determine if you are vulnerable. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14180. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart