php-pear vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the php-pear package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M CVE-2025-1861	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
M CVE-2025-1736	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
M CVE-2025-1734	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
M CVE-2025-1219	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
M Interpretation Conflict	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
M CVE-2024-8929	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
M Arbitrary Code Injection	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
M Out-of-bounds Write	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
M CVE-2025-6491	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
M CVE-2025-1735	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
H CVE-2025-14180	<1:1.10.14-1.module+el8.10.0+1596+477f03f8
M Integer Overflow or Wraparound	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
M CVE-2025-14177	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
M CVE-2025-1220	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
M Out-of-bounds Write	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
M CVE-2024-9026	<1:1.10.14-1.module+el8.10.0+1596+477f03f8
M CVE-2024-8927	<1:1.10.14-1.module+el8.10.0+1596+477f03f8
M HTTP Request Smuggling	<1:1.10.14-1.module+el8.10.0+1596+477f03f8
M Insufficient Verification of Data Authenticity	<1:1.10.14-1.module+el8.10.0+1596+477f03f8
M CVE-2024-3096	<1:1.10.14-1.module+el8.10.0+1596+477f03f8
M CVE-2024-2756	<1:1.10.14-1.module+el8.10.0+1596+477f03f8
H Out-of-Bounds	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
H XML External Entity (XXE) Injection	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
H Use of Insufficiently Random Values	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
H Resource Exhaustion	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
H Allocation of Resources Without Limits or Throttling	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
H Use of Password Hash With Insufficient Computational Effort	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
M Integer Overflow or Wraparound	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
M CVE-2022-31631	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
M Out-of-bounds Read	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
M CVE-2022-31629	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:1.10.13-1.module+el8.10.0+1604+6558efc7
C Out-of-bounds Write	<1:1.10.5-9.module+el8.4.0+413+c9202dda
M Out-of-bounds Read	<1:1.10.5-9.module+el8.4.0+413+c9202dda
M Use of Uninitialized Resource	<1:1.10.5-9.module+el8.4.0+413+c9202dda
M Out-of-bounds Read	<1:1.10.5-9.module+el8.4.0+413+c9202dda
M Access Restriction Bypass	<1:1.10.5-9.module+el8.4.0+413+c9202dda
M Out-of-bounds Read	<1:1.10.5-9.module+el8.4.0+413+c9202dda
M Out-of-bounds Read	<1:1.10.5-9.module+el8.4.0+413+c9202dda
M Out-of-bounds Read	<1:1.10.5-9.module+el8.4.0+413+c9202dda
M Out-of-bounds Read	<1:1.10.5-9.module+el8.4.0+413+c9202dda
M Out-of-bounds Read	<1:1.10.5-9.module+el8.4.0+413+c9202dda
M Out-of-bounds Read	<1:1.10.5-9.module+el8.4.0+413+c9202dda
M Out-of-bounds Read	<1:1.10.5-9.module+el8.4.0+413+c9202dda
M Out-of-bounds Read	<1:1.10.5-9.module+el8.4.0+413+c9202dda
M Out-of-bounds Read	<1:1.10.5-9.module+el8.4.0+413+c9202dda
M CVE-2020-7066	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Out-of-bounds Write	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Out-of-bounds Read	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Improper Preservation of Permissions	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M NULL Pointer Dereference	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Out-of-bounds Read	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Out-of-bounds Read	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Out-of-bounds Read	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Out-of-bounds Read	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Out-of-bounds Read	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Uncontrolled Recursion	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M NULL Pointer Dereference	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Use After Free	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Out-of-bounds Read	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Integer Overflow or Wraparound	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Out-of-bounds Read	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Arbitrary Code Injection	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Out-of-bounds Read	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Out-of-bounds Read	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Out-of-bounds Read	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Out-of-bounds Read	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M NULL Pointer Dereference	<1:1.10.12-1.module+el8.6.0+789+2130c178
M Improper Input Validation	<1:1.10.12-1.module+el8.6.0+789+2130c178
M Reliance on Cookies without Validation and Integrity Checking	<1:1.10.12-1.module+el8.6.0+789+2130c178
M Inadequate Encryption Strength	<1:1.10.12-1.module+el8.6.0+789+2130c178
M Use After Free	<1:1.10.12-1.module+el8.6.0+789+2130c178
M Out-of-bounds Read	<1:1.10.9-1.module+el8.4.0+414+2e7afcdd
M Release of Invalid Pointer or Reference	<1:1.10.12-1.module+el8.6.0+789+2130c178
M Improper Input Validation	<1:1.10.12-1.module+el8.6.0+789+2130c178
M Out-of-bounds Write	<1:1.10.12-1.module+el8.6.0+789+2130c178
M Link Following	<1:1.10.13-1.module+el8.6.0+1006+0d5a469f
M CVE-2021-21707	<1:1.10.13-1.module+el8.6.0+1006+0d5a469f
M Directory Traversal	<1:1.10.13-1.module+el8.6.0+1006+0d5a469f
M CVE-2020-28949	<1:1.10.13-1.module+el8.6.0+1006+0d5a469f
M Deserialization of Untrusted Data	<1:1.10.13-1.module+el8.6.0+1006+0d5a469f
M Use After Free	<1:1.10.13-1.module+el8.6.0+1006+0d5a469f
H Buffer Overflow	<1:1.10.12-1.module+el8.6.0+789+2130c178

Vulnerability

Vulnerable Version

CVE-2025-1861

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

CVE-2025-1736

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

CVE-2025-1734

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

CVE-2025-1219

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

Interpretation Conflict

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

CVE-2024-8929

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

Arbitrary Code Injection

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

Out-of-bounds Write

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

CVE-2025-6491

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

CVE-2025-1735

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

CVE-2025-14180

<1:1.10.14-1.module+el8.10.0+1596+477f03f8

Integer Overflow or Wraparound

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

CVE-2025-14177

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

CVE-2025-1220

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

Out-of-bounds Write

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

CVE-2024-9026

<1:1.10.14-1.module+el8.10.0+1596+477f03f8

CVE-2024-8927

<1:1.10.14-1.module+el8.10.0+1596+477f03f8

HTTP Request Smuggling

<1:1.10.14-1.module+el8.10.0+1596+477f03f8

Insufficient Verification of Data Authenticity

<1:1.10.14-1.module+el8.10.0+1596+477f03f8

CVE-2024-3096

<1:1.10.14-1.module+el8.10.0+1596+477f03f8

CVE-2024-2756

<1:1.10.14-1.module+el8.10.0+1596+477f03f8

Out-of-Bounds

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

XML External Entity (XXE) Injection

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

Use of Insufficiently Random Values

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

Resource Exhaustion

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

Allocation of Resources Without Limits or Throttling

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

Use of Password Hash With Insufficient Computational Effort

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

Integer Overflow or Wraparound

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

CVE-2022-31631

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

Out-of-bounds Read

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

CVE-2022-31629

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

Loop with Unreachable Exit Condition ('Infinite Loop')

<1:1.10.13-1.module+el8.10.0+1604+6558efc7

Out-of-bounds Write

<1:1.10.5-9.module+el8.4.0+413+c9202dda

Out-of-bounds Read

<1:1.10.5-9.module+el8.4.0+413+c9202dda

Use of Uninitialized Resource

<1:1.10.5-9.module+el8.4.0+413+c9202dda

Out-of-bounds Read

<1:1.10.5-9.module+el8.4.0+413+c9202dda

Access Restriction Bypass

<1:1.10.5-9.module+el8.4.0+413+c9202dda

Out-of-bounds Read

<1:1.10.5-9.module+el8.4.0+413+c9202dda

Out-of-bounds Read

<1:1.10.5-9.module+el8.4.0+413+c9202dda

Out-of-bounds Read

<1:1.10.5-9.module+el8.4.0+413+c9202dda

Out-of-bounds Read

<1:1.10.5-9.module+el8.4.0+413+c9202dda

Out-of-bounds Read

<1:1.10.5-9.module+el8.4.0+413+c9202dda

Out-of-bounds Read

<1:1.10.5-9.module+el8.4.0+413+c9202dda

Out-of-bounds Read

<1:1.10.5-9.module+el8.4.0+413+c9202dda

Out-of-bounds Read

<1:1.10.5-9.module+el8.4.0+413+c9202dda

Out-of-bounds Read

<1:1.10.5-9.module+el8.4.0+413+c9202dda

CVE-2020-7066

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Out-of-bounds Write

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Out-of-bounds Read

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Improper Preservation of Permissions

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

NULL Pointer Dereference

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Out-of-bounds Read

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Out-of-bounds Read

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Out-of-bounds Read

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Out-of-bounds Read

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Out-of-bounds Read

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Uncontrolled Recursion

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

NULL Pointer Dereference

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Use After Free

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Out-of-bounds Read

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Integer Overflow or Wraparound

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Out-of-bounds Read

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Arbitrary Code Injection

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Out-of-bounds Read

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Out-of-bounds Read

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Out-of-bounds Read

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Out-of-bounds Read

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

NULL Pointer Dereference

<1:1.10.12-1.module+el8.6.0+789+2130c178

Improper Input Validation

<1:1.10.12-1.module+el8.6.0+789+2130c178

Reliance on Cookies without Validation and Integrity Checking

<1:1.10.12-1.module+el8.6.0+789+2130c178

Inadequate Encryption Strength

<1:1.10.12-1.module+el8.6.0+789+2130c178

Use After Free

<1:1.10.12-1.module+el8.6.0+789+2130c178

Out-of-bounds Read

<1:1.10.9-1.module+el8.4.0+414+2e7afcdd

Release of Invalid Pointer or Reference

<1:1.10.12-1.module+el8.6.0+789+2130c178

Improper Input Validation

<1:1.10.12-1.module+el8.6.0+789+2130c178

Out-of-bounds Write

<1:1.10.12-1.module+el8.6.0+789+2130c178

Link Following

<1:1.10.13-1.module+el8.6.0+1006+0d5a469f

CVE-2021-21707

<1:1.10.13-1.module+el8.6.0+1006+0d5a469f

Directory Traversal

<1:1.10.13-1.module+el8.6.0+1006+0d5a469f

CVE-2020-28949

<1:1.10.13-1.module+el8.6.0+1006+0d5a469f

Deserialization of Untrusted Data

<1:1.10.13-1.module+el8.6.0+1006+0d5a469f

Use After Free

<1:1.10.13-1.module+el8.6.0+1006+0d5a469f

Buffer Overflow

<1:1.10.12-1.module+el8.6.0+789+2130c178