First published: Thu Mar 13 2025
Fixed (Reference counting in php_request_shutdown causes Use-After-Free). (CVE-2024-11235)
Affected Software | Affected Version | How to fix |
---|---|---|
PHP | <8.4.5 | 8.4.5 |
debian/php8.4 | 8.4.5-1 |
CVE-2024-11235 has been classified as a critical vulnerability due to its potential for causing use-after-free errors.
To fix CVE-2024-11235, upgrade PHP to version 8.3.19 or later.
The vulnerability CVE-2024-11235 is caused by improper reference counting during the php_request_shutdown process.
CVE-2024-11235 affects all PHP versions prior to 8.3.19.
There is no known workaround for CVE-2024-11235; upgrading to a fixed version is the only solution.