CVE-2024-11236

Updated: 2024-11-30 05:21:32.698236

Description:

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x CRITICAL 9.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS php 5.3.3 9.8 CRITICAL Not Vulnerable 2024-12-04 13:20:52
CentOS 7 ELS php 5.4.16 9.8 CRITICAL Not Vulnerable 2024-12-03 12:10:15
CentOS 8.4 ELS php 7.4.6 9.8 CRITICAL Not Vulnerable 2024-12-03 12:10:15
CentOS 8.5 ELS php 7.4.19 9.8 CRITICAL Not Vulnerable 2024-12-03 12:10:15
CentOS Stream 8 ELS php 7.2.24 9.8 CRITICAL Not Vulnerable 2024-12-03 12:10:15
CloudLinux 6 ELS php 5.3.3 9.8 CRITICAL Not Vulnerable 2024-12-04 13:20:52
CloudLinux 7 ELS php 5.4.16 9.8 CRITICAL Released 2024-12-02 09:53:03
Oracle Linux 6 ELS php 5.3.3 9.8 CRITICAL Not Vulnerable 2024-12-04 13:20:52
Oracle Linux 7 ELS php 5.4.16 9.8 CRITICAL Not Vulnerable 2024-12-09 11:55:24
Ubuntu 16.04 ELS php 7.0.33 9.8 CRITICAL In Testing 2024-12-04 12:05:09
Total: 11