Vulnerabilities > PHP > PHP > 8.3.12

DATE CVE VULNERABILITY TITLE RISK
2024-11-24 CVE-2024-11233 Out-of-bounds Write vulnerability in PHP
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.
network
low complexity
php CWE-787
8.2
8.2
2024-11-24 CVE-2024-11234 Injection vulnerability in PHP
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.
network
low complexity
php CWE-74
7.2
7.2
2024-11-24 CVE-2024-11236 Integer Overflow or Wraparound vulnerability in PHP
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
network
low complexity
php CWE-190
critical
 9.8
9.8