CVE-2024-11236

Updated: 2024-11-30 05:21:32.698236

Description:

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x CRITICAL 9.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

EL 6 PHP php 5.6 9.8 CRITICAL In Testing 2024-12-23 22:29:10
EL 6 PHP php 5.4 9.8 CRITICAL In Testing 2024-12-23 22:29:20
EL 6 PHP php 5.3 9.8 CRITICAL In Testing 2024-12-23 22:29:20
EL 6 PHP php 5.2 9.8 CRITICAL In Testing 2024-12-23 22:29:20
EL 6 PHP php 5.1 9.8 CRITICAL In Testing 2024-12-23 22:29:20
EL 6 PHP php 5.5 9.8 CRITICAL In Testing 2024-12-23 22:29:14
EL 6 PHP php 8.1 9.8 CRITICAL Not Vulnerable 2025-01-13 23:38:11
EL 6 PHP php 7.4 9.8 CRITICAL In Testing 2025-01-08 23:37:29
EL 6 PHP php 8.2 9.8 CRITICAL Not Vulnerable 2025-01-13 23:38:12
EL 6 PHP php 7.0 9.8 CRITICAL In Testing 2025-01-08 23:37:25
Total: 86