CVE-2024-11233 | Zend by Perforce

Single byte overread with convert.quoted-printable-decode filter) ORDER BY 1695-- MXbN

Publication Date	2024-11-23
Severity	Critical
Type	Cross-Site Request Forgery
Affected PHP Versions	7.2.0-7.2.34 7.3.0-7.3.33 7.4.0-7.4.33 8.0.0-8.0.30 8.1.0-8.1.31 8.2.0-8.2.26 8.3.0-8.3.14
Fixed Product Versions	ZendPHP 7.2 ZendPHP 7.3 ZendPHP 7.4 ZendPHP 8.0 ZendPHP 8.1 ZendPHP 8.2 ZendPHP 8.3 ZendServer 2021.4.1

CVE Details

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

Recommendations

We recommend upgrading to a known patched version of PHP.

< View all CVEs