PT-2024-8873 · Php+10 · Php+10

Frostb1Te

+1

·

Published

2024-11-15

·

Updated

2026-02-10

·

CVE-2024-11233

CVSS v3.1

8.2

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Name of the Vulnerable Software and Affected Versions: PHP versions 8.1.* before 8.1.31 PHP versions 8.2.* before 8.2.26 PHP versions 8.3.* before 8.3.14
Description: The issue is related to an error in the convert.quoted-printable-decode filter, which can lead to a buffer overread by one byte. This can cause crashes or disclose the content of other memory areas in certain circumstances. The vulnerability can be exploited by a remote attacker to cause a denial of service.
Recommendations: For PHP versions 8.1.* before 8.1.31, update to version 8.1.31 or later. For PHP versions 8.2.* before 8.2.26, update to version 8.2.26 or later. For PHP versions 8.3.* before 8.3.14, update to version 8.3.14 or later.

Exploit

Fix

DoS

Memory Corruption

Heap Based Buffer Overflow

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

ALSA-2025:15687
ALSA-2025:4263
ALSA-2025:7432
ALSA-2026:2470
ALT-PU-2024-16220
ALT-PU-2024-16262
ALT-PU-2024-16264
ALT-PU-2024-16421
ALT-PU-2024-16432
ALT-PU-2024-16480
ALT-PU-2024-16520
AZL-53462
AZL-53634
BDU:2024-10540
BIT-LIBPHP-2024-11233
BIT-PHP-2024-11233
BIT-PHP-MIN-2024-11233
CESA-2025_15687
CVE-2024-11233
DLA-3986-1
DSA-5819-1
GHSA-R977-PRXV-HC43
INFSA-2025_15687
INFSA-2025_4263
INFSA-2025_7315
INFSA-2025_7432
MGASA-2024-0375
OESA-2024-2478
OPENSUSE-SU-2024:14521-1
OPENSUSE-SU-2024_4136-1
OPENSUSE-SU-2024_4146-1
OPENSUSE-SU-2024_4215-1
RHSA-2025:15687
RHSA-2025:4263
RHSA-2025:7315
RHSA-2025:7432
RHSA-2025_15687
RHSA-2025_4263
RHSA-2025_7315
RHSA-2025_7432
RHSA-2026:2470
SUSE-SU-2024:4136-1
SUSE-SU-2024:4146-1
SUSE-SU-2024:4215-1
SUSE-SU-2024_4136-1
SUSE-SU-2024_4146-1
SUSE-SU-2024_4215-1
USN-7157-1
USN-7157-3

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Php
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu