CVE-2024-11235

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-11235

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-11235.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-11235

Aliases

Downstream

BELL-CVE-2024-11235

DEBIAN-CVE-2024-11235

MINI-rh74-7grw-78q2

MINI-x9vm-mv8g-q63h

OESA-2025-1302

OESA-2025-1306

RHSA-2025:7418

RHSA-2025:7489

RLSA-2025:7418

SUSE-SU-2025:0994-1

SUSE-SU-2025:1012-1

SUSE-SU-2025:1025-1

SUSE-SU-2025:1026-1

UBUNTU-CVE-2024-11235

USN-7400-1

openSUSE-SU-2025:14895-1

Related

Published

2025-04-04T18:15:48Z

Modified

2025-08-11T14:44:54.748518Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution.

References

https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477

Affected packages

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

d26068059e83fe40de3430a512471d194119bee0

Fixed

fdeadcd9ba0627cf1967220489ab6caa031e4034