First published: Thu Nov 21 2024
Fixed bug (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233)
Credit: security@php.net
Affected Software | Affected Version | How to fix |
---|---|---|
PHP | >=8.1.0<8.1.31 | |
PHP | >=8.2.0<8.2.26 | |
PHP | >=8.3.0<8.3.14 | |
PHP | <8.1.31 | 8.1.31 |
debian/php7.4 | <=7.4.33-1+deb11u5 | 7.4.33-1+deb11u8 |
debian/php8.2 | 8.2.26-1~deb12u1 8.2.28-1~deb12u1 |
CVE-2024-11233 is considered a moderate severity vulnerability due to the potential for buffer overread in specific versions of PHP.
To fix CVE-2024-11233, upgrade PHP to version 8.1.31, 8.2.26, or 8.3.14 or later.
CVE-2024-11233 affects PHP versions 8.1.0 to 8.1.30, 8.2.0 to 8.2.25, and 8.3.0 to 8.3.13.
CVE-2024-11233 may lead to data exposure through the buffer overread.
CVE-2024-11233 also applies to specific PHP packages on Debian, particularly versions prior to the remedied releases.