CVE-2024-11235

In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution.

CVSS

No CVSS.

References

Link	Resource
https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477
https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477

Configurations

No configuration.

History

07 Apr 2025, 14:17

Type	Values Removed	Values Added
Summary		(es) En las versiones de PHP 8.3.* anteriores a la 8.3.19 y 8.4.* anteriores a la 8.4.5, una secuencia de código que incluya el controlador __set o el controlador ??= y excepciones puede generar una vulnerabilidad de use-after-free. Si un tercero puede controlar la distribución de memoria que provoca esto, por ejemplo, proporcionando entradas especialmente manipuladas al script, podría provocar la ejecución remota de código.

04 Apr 2025, 20:15

Type	Values Removed	Values Added
References	~~() https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477 -~~	() https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477 -

04 Apr 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-04 18:15

Updated : 2025-04-07 14:17

NVD link : CVE-2024-11235

Mitre link : CVE-2024-11235

CVE.ORG link : CVE-2024-11235

JSON object : View

Products Affected

No product.

CWE

CWE-416

Use After Free

{"id": "CVE-2024-11235", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@php.net", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-04T18:15:48.020", "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477", "source": "security@php.net"}, {"url": "https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@php.net", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??=\u00a0\u00a0operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution."}, {"lang": "es", "value": "En las versiones de PHP 8.3.* anteriores a la 8.3.19 y 8.4.* anteriores a la 8.4.5, una secuencia de c\u00f3digo que incluya el controlador __set o el controlador ??= y excepciones puede generar una vulnerabilidad de use-after-free. Si un tercero puede controlar la distribuci\u00f3n de memoria que provoca esto, por ejemplo, proporcionando entradas especialmente manipuladas al script, podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2025-04-07T14:17:50.220", "sourceIdentifier": "security@php.net"}