CVE-2024-5585

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-5585
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-5585.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-5585
Aliases
Downstream
Related
Published
2024-06-09T19:15:52.597Z
Modified
2026-03-15T15:22:22.483571Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
381ba9f5d0edd0c9c8ec1dea7e21d513ad08b115
Fixed
fc4973fb0dfae6085742868b8f0f05163e150a0c
Introduced
70ee6c20ad97e02c2b8098aeea96fefbbc3ac5c2
Fixed
40298a988fca728ddc47316938da61e0f768c872
Introduced
d26068059e83fe40de3430a512471d194119bee0
Fixed
ce51bfac759dedac1537f4d5666dcd33fbc4a281
Database specific 
{
    "versions": [
        {
            "introduced": "8.1.0"
        },
        {
            "fixed": "8.1.29"
        },
        {
            "introduced": "8.2.0"
        },
        {
            "fixed": "8.2.20"
        },
        {
            "introduced": "8.3.0"
        },
        {
            "fixed": "8.3.8"
        }
    ]
}

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "40"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-5585.json"