CVE-2024-11236

Updated: 2025-11-10 01:21:35.423011

Description:

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14, uncontrolled long string inputs to the ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | CRITICAL | 9.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| Oracle Linux 7 ELS | php | 5.4.16 | 9.8 | CRITICAL | Not Vulnerable | | 2024-12-09 11:55:24 | |
| RHEL 7 ELS | php | 5.4.16 | 9.8 | CRITICAL | Not Vulnerable | | 2025-05-14 07:19:27 | |
| Ubuntu 16.04 ELS | php | 7.0.33 | 9.8 | CRITICAL | Not Vulnerable | | 2024-12-23 22:31:14 | |
| Ubuntu 18.04 ELS | php | 7.2.24-0 | 9.8 | CRITICAL | Not Vulnerable | | 2024-12-23 22:31:14 | |
Total: 14