{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-14355","assignerOrgId":"dd77f84a-d19a-4638-8c3d-a322d820ed2b","state":"PUBLISHED","assignerShortName":"php","dateReserved":"2026-07-01T17:52:41.706Z","datePublished":"2026-07-03T20:57:31.958Z","dateUpdated":"2026-07-06T13:57:58.387Z"},"containers":{"cna":{"providerMetadata":{"orgId":"dd77f84a-d19a-4638-8c3d-a322d820ed2b","shortName":"php","dateUpdated":"2026-07-03T20:59:02.604Z"},"title":"ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-122","description":"CWE-122 Heap-based buffer overflow","type":"CWE"}]}],"affected":[{"vendor":"php","product":"php","collectionURL":"https://www.php.net/","packageName":"openssl","modules":["ext/openssl"],"versions":[{"status":"affected","version":"8.2.0","lessThan":"8.2.32","versionType":"semver"},{"status":"affected","version":"8.3.0","lessThan":"8.3.32","versionType":"semver"},{"status":"affected","version":"8.4.0","lessThan":"8.4.23","versionType":"semver"},{"status":"affected","version":"8.5.0","lessThan":"8.5.8","versionType":"semver"}],"defaultStatus":"affected"}],"descriptions":[{"lang":"en","value":"In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without accounting for RFC 5649 expansion. This may cause OpenSSL to write beyond allocated memory, corrupting heap metadata and triggering application abort.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without accounting for RFC 5649 expansion. This may cause OpenSSL to write beyond allocated memory, corrupting heap metadata and triggering application abort.</p>"}]}],"references":[{"url":"https://github.com/php/php-src/security/advisories/GHSA-7jrw-539f-x6vr","name":"GitHub Security Advisory GHSA-7jrw-539f-x6vr","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW","baseSeverity":"MEDIUM","baseScore":5.6,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}}],"credits":[{"lang":"en","value":"Oleg Baturin","type":"finder"},{"lang":"en","value":"David CARLIER","type":"remediation developer"}],"source":{"advisory":"GHSA-7jrw-539f-x6vr","discovery":"EXTERNAL","defenseOmission":false},"x_generator":{"engine":"Vulnogram 1.0.2"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2026/07/msg00010.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2026-07-04T15:25:16.999Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-07-06T13:57:51.767008Z","id":"CVE-2026-14355","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-07-06T13:57:58.387Z"}}]}}