CVE-2024-11233

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-11233

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-11233.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-11233

Aliases

Related

Published

2024-11-24T02:15:16Z

Modified

2025-01-15T08:56:51.516811Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVSS Calculator

Summary

[none]

Details

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

References

Affected packages

Debian:11 / php7.4

Package

Name: php7.4
Purl: pkg:deb/debian/php7.4?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.4.33-1+deb11u7

Affected versions

7.*

7.4.21-1+deb11u1

7.4.25-1+deb11u1

7.4.26-1

7.4.28-1+deb11u1

7.4.30-1+deb11u1

7.4.33-1+deb11u1

7.4.33-1+deb11u3

7.4.33-1+deb11u4

7.4.33-1+deb11u5

7.4.33-1+deb11u6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / php8.2

Package

Name: php8.2
Purl: pkg:deb/debian/php8.2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.2.26-1~deb12u1

Affected versions

8.*

8.2.5-2

8.2.7-1~deb12u1

8.2.7-1

8.2.7-1.1

8.2.10-1

8.2.10-2

8.2.12-1

8.2.16-1

8.2.16-2

8.2.17-1

8.2.18-1~deb12u1

8.2.18-1

8.2.20-1~deb12u1

8.2.20-2

8.2.20-3

8.2.21-1

8.2.23-1

8.2.24-1~deb12u1

8.2.24-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

381ba9f5d0edd0c9c8ec1dea7e21d513ad08b115

Fixed

38123aca18c3c1bd1f109ec77af2f175d7afcf35