Updated: 2024-11-30 05:21:32.698236
Description:
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | CRITICAL | 9.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | php | 5.3.3 | 9.8 | CRITICAL | Not Vulnerable | 2024-12-04 13:20:52 | ||
CentOS 7 ELS | php | 5.4.16 | 9.8 | CRITICAL | Not Vulnerable | 2024-12-03 12:10:15 | ||
CentOS 8.4 ELS | php | 7.4.6 | 9.8 | CRITICAL | Not Vulnerable | 2024-12-03 12:10:15 | ||
CentOS 8.5 ELS | php | 7.4.19 | 9.8 | CRITICAL | Not Vulnerable | 2024-12-03 12:10:15 | ||
CentOS Stream 8 ELS | php | 7.2.24 | 9.8 | CRITICAL | Not Vulnerable | 2024-12-03 12:10:15 | ||
CloudLinux 6 ELS | php | 5.3.3 | 9.8 | CRITICAL | Not Vulnerable | 2024-12-04 13:20:52 | ||
CloudLinux 7 ELS | php | 5.4.16 | 9.8 | CRITICAL | Released | 2024-12-02 09:53:03 | ||
Oracle Linux 6 ELS | php | 5.3.3 | 9.8 | CRITICAL | Not Vulnerable | 2024-12-04 13:20:52 | ||
Oracle Linux 7 ELS | php | 5.4.16 | 9.8 | CRITICAL | Not Vulnerable | 2024-12-09 11:55:24 | ||
Ubuntu 16.04 ELS | php | 7.0.33 | 9.8 | CRITICAL | In Testing | 2024-12-04 12:05:09 |