Get_headers() silently truncates anything after a null byte in the URL it uses. This was tested on PHP 7.3, but the function has always had this bug. The test script shows that this can cause well-written scripts to get headers for an unexpected domain. Those headers could leak sensitive information or unexpectedly contain attacker-controlled data.
The information has been provided by Thorsten Alteholz
The original article can be found at:https://bugs.php.net/bug.php?id=79329
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero ( ) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.
PHP versions 7.2.x below 7.2.29
PHP versions 7.3.x below 7.3.16
PHP versions 7.4.x below 7.4.4