Php · Pecl Http · CVE-2016-7398
**Name of the Vulnerable Software and Affected Versions**
pecl-http extension versions 3.1.0beta2 and earlier (PHP 7)
pecl-http extension versions 2.6.0beta2 and earlier (PHP 5)
**Description**
A type confusion issue in the `merge_param()` function of `php_http_params.c` allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.
**Recommendations**
For pecl-http extension versions 3.1.0beta2 and earlier (PHP 7), update to a version that fixes the issue in the `merge_param()` function.
For pecl-http extension versions 2.6.0beta2 and earlier (PHP 5), update to a version that fixes the issue in the `merge_param()` function.
As a temporary workaround, consider restricting access to the `merge_param()` function until a patch is available.
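
To check whether a host falls inside the affected ranges listed above, the following script (an added example, not part of the original advisory or the pecl-http project) compares the loaded extension version against the two thresholds. The function name `pecl_http_status()` and the status strings are illustrative; it assumes the extension is registered under its usual name `http`.

```php
<?php
// Added example: the thresholds are the affected ranges stated in this advisory.
// Written without type declarations so it also runs on PHP 5 hosts.

/**
 * Classify a pecl-http version for a given PHP major version.
 * Returns 'not-loaded', 'not-listed', 'affected' or 'not-affected'.
 */
function pecl_http_status($extVersion, $phpMajor)
{
    // Last affected release per PHP line, as given in the advisory.
    $lastAffected = array(
        5 => '2.6.0beta2',
        7 => '3.1.0beta2',
    );

    if ($extVersion === false || $extVersion === null) {
        return 'not-loaded';
    }
    if (!isset($lastAffected[$phpMajor])) {
        // The advisory only lists PHP 5 and PHP 7 builds.
        return 'not-listed';
    }
    // version_compare() orders pre-release tags: beta < RC < release,
    // so 3.1.0 is newer than 3.1.0beta2 and 3.1.0beta1 is older.
    return version_compare($extVersion, $lastAffected[$phpMajor], '<=')
        ? 'affected'
        : 'not-affected';
}

// phpversion() returns false when the extension is not loaded.
$installed = phpversion('http');
$status = pecl_http_status($installed, PHP_MAJOR_VERSION);

printf(
    "pecl-http: %s, PHP %d.x, CVE-2016-7398 status: %s\n",
    $installed === false ? '(not loaded)' : $installed,
    PHP_MAJOR_VERSION,
    $status
);

// Non-zero exit code lets a fleet scan or CI job flag the host.
exit($status === 'affected' ? 1 : 0);
```

Run it with the same PHP binary and configuration that serves web requests, since the CLI and the web SAPI can load different extension sets.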