ALT-PU-2024-16299-1

BDU:2024-09951

CRITICAL9.8

Уязвимость компонентов dblib и firebird интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код

Published: 2024-11-20Modified: 2025-05-06

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2024-11236

CVE-2024-11233

HIGH8.2

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

Published: 2024-11-24Modified: 2025-11-03

CVSS 3.xHIGH 8.2

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

References

CVE-2024-11234

HIGH7.2

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.

Published: 2024-11-24Modified: 2025-11-03

CVSS 3.xHIGH 7.2

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

References

CVE-2024-11236

CRITICAL9.8

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

Published: 2024-11-24Modified: 2025-11-03

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2024-8929

MEDIUM5.8

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.

Published: 2024-11-22Modified: 2025-11-03

CVSS 3.xMEDIUM 5.8

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

References

CVE-2024-8932

CRITICAL9.8

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

Published: 2024-11-22Modified: 2025-11-03

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Package update php8.1 in branch sisyphus_riscv64

Closed issues (6)

Уязвимость компонентов dblib и firebird интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.