In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, an error in the convert.quoted-printable-decode filter means that certain data can cause a one-byte buffer over-read, which in certain circumstances can lead to crashes or disclose the contents of other memory areas.
History

Tue, 26 Nov 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Php
Php php
Weaknesses CWE-787
CPEs cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Vendors & Products Php
Php php

Tue, 26 Nov 2024 03:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Sun, 24 Nov 2024 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Php Group
Php Group php
CPEs cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*
Vendors & Products Php Group
Php Group php
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 24 Nov 2024 02:00:00 +0000

Type Values Removed Values Added
Description In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, an error in the convert.quoted-printable-decode filter means that certain data can cause a one-byte buffer over-read, which in certain circumstances can lead to crashes or disclose the contents of other memory areas.
Title Single byte overread with convert.quoted-printable-decode filter
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: php

Published: 2024-11-24T01:08:28.663Z

Updated: 2024-11-24T12:41:42.881Z

Reserved: 2024-11-15T06:22:38.785Z

Link: CVE-2024-11233

Vulnrichment

Updated: 2024-11-24T12:33:16.682Z

NVD

Status: Analyzed

Published: 2024-11-24T02:15:16.030

Modified: 2024-11-26T18:26:37.783

Link: CVE-2024-11233

Redhat

Severity: Moderate

Public Date: 2024-11-24T01:08:28Z

Links: CVE-2024-11233 - Bugzilla