THREATINT
PUBLISHED

CVE-2024-11233

Single byte overread with convert.quoted-printable-decode filter



Description

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in the convert.quoted-printable-decode filter, certain data can lead to a buffer overread by one byte, which can in certain circumstances lead to crashes or disclose the content of other memory areas.

Reserved 2024-11-15 | Published 2024-11-24 | Updated 2024-11-24 | Assigner php


MEDIUM: 4.8 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Problem types

CWE-122 Heap-based Buffer Overflow

Product status

Default status: affected

8.1.* before 8.1.31: affected
8.2.* before 8.2.26: affected
8.3.* before 8.3.14: affected

Credits

Frostb1te (reporter)

References

github.com/...hp-src/security/advisories/GHSA-r977-prxv-hc43

cve.org (CVE-2024-11233)

nvd.nist.gov (CVE-2024-11233)
