In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions.
8.1.2-1ubuntu2.228.3.6-0ubuntu0.24.04.58.4.11-1ubuntu15.5.3+dfsg-1ubuntu25.5.3+dfsg-1ubuntu35.5.6+dfsg-1ubuntu15.5.6+dfsg-1ubuntu25.5.8+dfsg-2ubuntu15.5.9+dfsg-1ubuntu15.5.9+dfsg-1ubuntu25.5.9+dfsg-1ubuntu35.5.9+dfsg-1ubuntu45.5.9+dfsg-1ubuntu4.1+37 more7.0.33-0ubuntu0.16.04.16+esm167.2.24-0ubuntu0.18.04.17+esm97.4.3-4ubuntu2.29+esm1Exploitability
AV:NAC:HPR:NUI:NScope
S:UImpact
C:LI:NA:NCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N