Vulnerabilities > CVE-2024-11233 - Out-of-bounds Write vulnerability in PHP

CVSS 8.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

php

CWE-787

NVD

Published: 2024-11-24

Updated: 2024-11-26

Summary

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

Vulnerable Configurations

Part	Description	Count
Application	Php PHP PHP 8.3.0 PHP PHP 8.3.1 PHP PHP 8.3.2 PHP PHP 8.3.3 PHP PHP 8.3.4 PHP PHP 8.3.5 PHP PHP 8.3.6 PHP PHP 8.3.7 PHP PHP 8.3.8 PHP PHP 8.3.9 PHP PHP 8.3.10 PHP PHP 8.3.11 PHP PHP 8.3.12 PHP PHP 8.3.13 PHP PHP 8.2.0 PHP PHP 8.2.1 PHP PHP 8.2.2 PHP PHP 8.2.3 PHP PHP 8.2.4 PHP PHP 8.2.5 PHP PHP 8.2.6 PHP PHP 8.2.7 PHP PHP 8.2.8 PHP PHP 8.2.9 PHP PHP 8.2.10 PHP PHP 8.2.11 PHP PHP 8.2.12 PHP PHP 8.2.13 PHP PHP 8.2.14 PHP PHP 8.2.15 PHP PHP 8.2.16 PHP PHP 8.2.17 PHP PHP 8.2.18 PHP PHP 8.2.19 PHP PHP 8.2.20 PHP PHP 8.2.21 PHP PHP 8.2.22 PHP PHP 8.2.23 PHP PHP 8.2.24 PHP PHP 8.2.25 PHP PHP 8.1.0 PHP PHP 8.1.1 PHP PHP 8.1.2 PHP PHP 8.1.3 PHP PHP 8.1.4 PHP PHP 8.1.5 PHP PHP 8.1.6 PHP PHP 8.1.7 PHP PHP 8.1.8 PHP PHP 8.1.9 PHP PHP 8.1.10 PHP PHP 8.1.12 PHP PHP 8.1.13 PHP PHP 8.1.14 PHP PHP 8.1.15 PHP PHP 8.1.16 PHP PHP 8.1.17 PHP PHP 8.1.18 PHP PHP 8.1.19 PHP PHP 8.1.20 PHP PHP 8.1.21 PHP PHP 8.1.22 PHP PHP 8.1.23 PHP PHP 8.1.24 PHP PHP 8.1.25 PHP PHP 8.1.26 PHP PHP 8.1.27 PHP PHP 8.1.28 PHP PHP 8.1.29 PHP PHP 8.1.30	162

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43