CVE-2024-11233

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

History

No history.

Information

Published : 2024-11-24 02:15

Updated : 2024-11-26 18:26

NVD link : CVE-2024-11233

Mitre link : CVE-2024-11233

CVE.ORG link : CVE-2024-11233

JSON object : View

Products Affected

php

php

CWE

CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write

{"id": "CVE-2024-11233", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@php.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2024-11-24T02:15:16.030", "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43", "tags": ["Exploit", "Vendor Advisory"], "source": "security@php.net"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@php.net", "description": [{"lang": "en", "value": "CWE-122"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in\u00a0convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas."}, {"lang": "es", "value": "En las versiones de PHP 8.1.* anteriores a 8.1.31, 8.2.* anteriores a 8.2.26, 8.3.* anteriores a 8.3.14, debido a un error en el filtro convert.quoted-printable-decode, ciertos datos pueden provocar una sobrelectura del b\u00fafer de un byte, lo que en determinadas circunstancias puede provocar fallos o revelar el contenido de otras \u00e1reas de memoria."}], "lastModified": "2024-11-26T18:26:37.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE6E1B68-3EB9-4C67-97A6-226EA02CC2EA", "versionEndExcluding": "8.1.31", "versionStartIncluding": "8.1.0"}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C160D91A-CF97-4DD1-A34F-8B8C852B3CEC", "versionEndExcluding": "8.2.26", "versionStartIncluding": "8.2.0"}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35B1BA7F-0EAE-4F40-ACA4-EBC5D63F609A", "versionEndExcluding": "8.3.14", "versionStartIncluding": "8.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@php.net"}