Описание
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
A security issue was found in PHP. Uncontrolled long string inputs to the ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. This issue may lead to an application crash or other undefined or unexpected results.
Отчет
This vulnerability does not affect the PHP versions as shipped with Red Hat Enterprise Linux 8 and 9 as this flaw affects 32-bit versions of PHP which are not supported by Red Hat.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | php | Not affected | ||
| Red Hat Enterprise Linux 8 | php:7.4/php | Not affected | ||
| Red Hat Enterprise Linux 8 | php:8.0/php | Not affected | ||
| Red Hat Enterprise Linux 8 | php:8.2/php | Not affected | ||
| Red Hat Enterprise Linux 9 | php | Not affected | ||
| Red Hat Enterprise Linux 9 | php:8.1/php | Not affected | ||
| Red Hat Enterprise Linux 9 | php:8.2/php | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...
EPSS
6.5 Medium
CVSS3