CVE-2024-11233

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Nov 24, 2024
Updated: Nov 26, 2024
CWE ID 787
CWE ID 122

Summary

CVE-2024-11233 is a vulnerability affecting PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14. This issue arises due to an error in the convert.quoted-printable-decode filter. Specific data can cause a buffer overread by one byte, resulting in crashes or potentially disclosing memory contents from other areas.

Affected Products

  • PHP: Hypertext Preprocessor

Affected Vendors

  • Php