Several flaws has been found in php. The pdo_firebase module does not check the length of the server version string in a response packet causing a stack buffer overflow, does not verify the data and uses the wrong type to cast length leading to a crash, and does not validate the response before calculation of the exec procedure leading to a crash. The highest threat from this vulnerability is to system availability. A security issue was found in PHP in the way it allows to bypass the FILTER_VALIDATE_URL check via a crafted URL which may lead to SSRF