CVE-2024-11236 - Vulnerability Details

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Php	Php
Php Group	Php

Configuration 1 [-]

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

No data.

References

Link	Providers
https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv
https://nvd.nist.gov/vuln/detail/CVE-2024-11236
https://www.cve.org/CVERecord?id=CVE-2024-11236

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00417}`	epss `{'score': 0.0032}`

Tue, 26 Nov 2024 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Php Php php
Weaknesses		CWE-190
CPEs		cpe:2.3:a:php:php::::::::
Vendors & Products		Php Php php

Tue, 26 Nov 2024 03:00:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2024-11236 https://www.cve.org/CVERecord?id=CVE-2024-11236
Metrics	threat_severity `None`	threat_severity `Moderate`

Sun, 24 Nov 2024 13:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Php Group Php Group php
CPEs		cpe:2.3:a:php_group:php::::::::
Vendors & Products		Php Group Php Group php
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Sun, 24 Nov 2024 01:15:00 +0000

Type	Values Removed	Values Added
Description		In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
Title		Integer overflow in the firebird and dblib quoters causing OOB writes
Weaknesses		CWE-787
References		https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: php

Published: 2024-11-24T00:44:54.951Z

Updated: 2024-11-24T12:41:42.645Z

Reserved: 2024-11-15T06:27:40.425Z

Link: CVE-2024-11236

Vulnrichment

Updated: 2024-11-24T12:32:10.815Z

NVD

Status : Analyzed

Published: 2024-11-24T01:15:04.387

Modified: 2024-11-26T18:29:05.820

Link: CVE-2024-11236

Redhat

Severity : Moderate

Publid Date: 2024-11-24T00:44:54Z

Links: CVE-2024-11236 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11236", "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "state": "PUBLISHED", "assignerShortName": "php", "dateReserved": "2024-11-15T06:27:40.425Z", "datePublished": "2024-11-24T00:44:54.951Z", "dateUpdated": "2024-11-24T12:41:42.645Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["pdo_firebird", "pdo_dblib"], "platforms": ["32 bit"], "product": "PHP", "vendor": "PHP Group", "versions": [{"lessThan": "8.1.31", "status": "affected", "version": "8.1.*", "versionType": "semver"}, {"lessThan": "8.2.26", "status": "affected", "version": "8.2.*", "versionType": "semver"}, {"lessThan": "8.3.14", "status": "affected", "version": "8.3.*", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Niels Dossche"}], "datePublic": "2024-11-22T06:15:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to <code>ldap_escape()</code> function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. "}], "value": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape()\u00a0function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php", "dateUpdated": "2024-11-24T00:51:28.805Z"}, "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv"}], "source": {"advisory": "https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84", "discovery": "INTERNAL"}, "title": "Integer overflow in the firebird and dblib quoters causing OOB writes", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11236", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-24T12:32:23.996029Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*"], "vendor": "php_group", "product": "php", "versions": [{"status": "affected", "version": "8.1.0", "lessThan": "8.1.31", "versionType": "custom"}, {"status": "affected", "version": "8.2.0", "lessThan": "8.2.26", "versionType": "custom"}, {"status": "affected", "version": "8.3.0", "lessThan": "8.3.14", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*"], "vendor": "php_group", "product": "php", "versions": [{"status": "affected", "version": "8.1.0", "lessThan": "8.1.31", "versionType": "custom"}, {"status": "affected", "version": "8.2.0", "lessThan": "8.2.26", "versionType": "custom"}, {"status": "affected", "version": "8.3.0", "lessThan": "8.3.14", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*"], "vendor": "php_group", "product": "php", "versions": [{"status": "affected", "version": "8.1.0", "lessThan": "8.1.31", "versionType": "custom"}, {"status": "affected", "version": "8.2.0", "lessThan": "8.2.26", "versionType": "custom"}, {"status": "affected", "version": "8.3.0", "lessThan": "8.3.14", "versionType": "custom"}], "defaultStatus": "unknown"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-24T12:41:42.645Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11236", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-24T12:32:23.996029Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*"], "vendor": "php_group", "product": "php", "versions": [{"status": "affected", "version": "8.1.0", "lessThan": "8.1.31", "versionType": "custom"}, {"status": "affected", "version": "8.2.0", "lessThan": "8.2.26", "versionType": "custom"}, {"status": "affected", "version": "8.3.0", "lessThan": "8.3.14", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*"], "vendor": "php_group", "product": "php", "versions": [{"status": "affected", "version": "8.1.0", "lessThan": "8.1.31", "versionType": "custom"}, {"status": "affected", "version": "8.2.0", "lessThan": "8.2.26", "versionType": "custom"}, {"status": "affected", "version": "8.3.0", "lessThan": "8.3.14", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*"], "vendor": "php_group", "product": "php", "versions": [{"status": "affected", "version": "8.1.0", "lessThan": "8.1.31", "versionType": "custom"}, {"status": "affected", "version": "8.2.0", "lessThan": "8.2.26", "versionType": "custom"}, {"status": "affected", "version": "8.3.0", "lessThan": "8.3.14", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-24T12:32:10.815Z"}}], "cna": {"title": "Integer overflow in the firebird and dblib quoters causing OOB writes", "source": {"advisory": "https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84", "discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Niels Dossche"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "PHP Group", "modules": ["pdo_firebird", "pdo_dblib"], "product": "PHP", "versions": [{"status": "affected", "version": "8.1.*", "lessThan": "8.1.31", "versionType": "semver"}, {"status": "affected", "version": "8.2.*", "lessThan": "8.2.26", "versionType": "semver"}, {"status": "affected", "version": "8.3.*", "lessThan": "8.3.14", "versionType": "semver"}], "platforms": ["32 bit"], "defaultStatus": "affected"}], "datePublic": "2024-11-22T06:15:00.000Z", "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape()\u00a0function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.", "supportingMedia": [{"type": "text/html", "value": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to <code>ldap_escape()</code> function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php", "dateUpdated": "2024-11-24T00:51:28.805Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11236", "state": "PUBLISHED", "dateUpdated": "2024-11-24T12:41:42.645Z", "dateReserved": "2024-11-15T06:27:40.425Z", "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "datePublished": "2024-11-24T00:44:54.951Z", "assignerShortName": "php"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE6E1B68-3EB9-4C67-97A6-226EA02CC2EA", "versionEndExcluding": "8.1.31", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "C160D91A-CF97-4DD1-A34F-8B8C852B3CEC", "versionEndExcluding": "8.2.26", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "35B1BA7F-0EAE-4F40-ACA4-EBC5D63F609A", "versionEndExcluding": "8.3.14", "versionStartIncluding": "8.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape()\u00a0function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write."}, {"lang": "es", "value": "En las versiones de PHP 8.1.* anteriores a 8.1.31, 8.2.* anteriores a 8.2.26, 8.3.* anteriores a 8.3.14, las entradas de cadenas largas no controladas a la funci\u00f3n ldap_escape() en sistemas de 32 bits pueden causar un desbordamiento de enteros, lo que resulta en una escritura fuera de los l\u00edmites."}], "id": "CVE-2024-11236", "lastModified": "2024-11-26T18:29:05.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@php.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-11-24T01:15:04.387", "references": [{"source": "security@php.net", "tags": ["Exploit"], "url": "https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security@php.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "php: Integer overflow in the firebird and dblib quoters causing OOB writes", "id": "2328522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328522"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "status": "draft"}, "cwe": "CWE-787", "details": ["In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape()\u00a0function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.", "A security issue was found in PHP. Uncontrolled long string inputs to the `ldap_escape()`\u00a0function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. This issue may lead to an application crash or other undefined or unexpected results."], "name": "CVE-2024-11236", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "php:7.4/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "php:8.0/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "php:8.2/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "php:8.1/php", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "php:8.2/php", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-11-24T00:44:54Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-11236\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-11236\nhttps://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv"], "statement": "The PHP package versions as shipped with Red Hat Enterprise Linux 8 and 9 is not affected by this vulnerability as this PHP extension is not shipped with any supported PHP versions distributed by Red Hat.", "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object