Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-11233

Опубликовано: 24 нояб. 2024
Источник: redhat
CVSS3: 4.8
EPSS Низкий

Описание

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash. When exploited, it allows an attacker to extract a single byte of data from the heap or cause a denial of service.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7phpNot affected
Red Hat Enterprise Linux 8php:7.4/phpNot affected
Red Hat Enterprise Linux 8php:8.0/phpNot affected
Red Hat Enterprise Linux 8php:8.2/phpFix deferred
Red Hat Enterprise Linux 9phpFixedRHSA-2025:426328.04.2025
Red Hat Enterprise Linux 9phpFixedRHSA-2025:731513.05.2025
Red Hat Enterprise Linux 9phpFixedRHSA-2025:743213.05.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2328521php: Single byte overread with convert.quoted-printable-decode filter

EPSS

Процентиль: 42%
0.00197
Низкий

4.8 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-11233

CVSS3: 4.8
ubuntu
7 месяцев назад

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

nvd логотип

CVE-2024-11233

CVSS3: 4.8
nvd
7 месяцев назад

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

msrc логотип

CVE-2024-11233

CVSS3: 8.2
msrc
6 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-11233

CVSS3: 4.8
debian
7 месяцев назад

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...

github логотип

GHSA-r977-prxv-hc43

CVSS3: 4.8
github
7 месяцев назад

Single byte overread with convert.quoted-printable-decode filter

EPSS

Процентиль: 42%
0.00197
Низкий

4.8 Medium

CVSS3