CVE-2024-11233

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-11233
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-11233.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-11233
Aliases
Downstream
Related
Published
2024-11-24T02:15:16.030Z
Modified
2026-04-16T00:06:32.361575441Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVSS Calculator
Summary
[none]
Details

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error inĀ convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
381ba9f5d0edd0c9c8ec1dea7e21d513ad08b115
Fixed
38123aca18c3c1bd1f109ec77af2f175d7afcf35
Introduced
70ee6c20ad97e02c2b8098aeea96fefbbc3ac5c2
Fixed
a3695d49e878eb2ebbf4645a0975cb5e225fbc7d
Introduced
d26068059e83fe40de3430a512471d194119bee0
Fixed
dc83dee9003edfff53f0f7d057bf79650c7f10dc
Database specific 
{
    "cpe": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "8.1.0"
        },
        {
            "fixed": "8.1.31"
        },
        {
            "introduced": "8.2.0"
        },
        {
            "fixed": "8.2.26"
        },
        {
            "introduced": "8.3.0"
        },
        {
            "fixed": "8.3.14"
        }
    ],
    "source": "CPE_FIELD"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-11233.json"