CVE-2024-11233

Summary

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

Affected Software

VendorProductVersion RangeStatus
PHP GroupPHP8.1.* < 8.1.31affected
PHP GroupPHP8.2.* < 8.2.26affected
PHP GroupPHP8.3.* < 8.3.14affected

Weaknesses

  • CWE-122: CWE-122 Heap-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References