CVE-2024-11233

Updated: 2024-11-26 19:54:06.044214

Description:

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14, an error in the convert.quoted-printable-decode filter means that certain data can cause a one-byte buffer over-read, which in certain circumstances can lead to crashes or disclose the contents of other memory areas.


Links NIST CIRCL RHEL Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | HIGH | 8.2 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | php | 5.3.3 | 8.2 | HIGH | In Rollout | CLSA-2024:1733421975 | 2024-12-05 13:20:49 | |
| CentOS 7 ELS | php | 5.4.16 | 8.2 | HIGH | In Rollout | CLSA-2024:1733246329 | 2024-12-03 13:22:09 | |
| CentOS 8.4 ELS | php | 7.4.6 | 8.2 | HIGH | In Testing | | 2024-12-03 10:00:18 | |
| CentOS 8.5 ELS | php | 7.4.19 | 8.2 | HIGH | Released | CLSA-2024:1733422173 | 2024-12-05 13:20:50 | |
| CentOS Stream 8 ELS | php | 7.2.24 | 8.2 | HIGH | In Testing | | 2024-12-04 12:05:07 | |
| CloudLinux 6 ELS | php | 5.3.3 | 8.2 | HIGH | In Testing | | 2024-12-05 12:02:26 | |
| CloudLinux 7 ELS | php | 5.4.16 | 8.2 | HIGH | In Rollout | CLSA-2024:1733246354 | 2024-12-03 13:22:09 | |
| Oracle Linux 6 ELS | php | 5.3.3 | 8.2 | HIGH | In Testing | | 2024-12-06 11:57:08 | |
| Oracle Linux 7 ELS | php | 5.4.16 | 8.2 | HIGH | Released | CLSA-2024:1733429914 | 2024-12-05 16:22:02 | |
| Ubuntu 16.04 ELS | php | 7.0.33 | 8.2 | HIGH | Needs Triage | | 2024-11-21 07:35:51 | |
Total: 11