CVE-2024-11235 — HIGH (8.1)

Q: How severe is CVE-2024-11235?

CVE-2024-11235 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-11235?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php.

Vulnerability Description

In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Php	Php	>= 8.3.0, < 8.3.19

Related Weaknesses (CWE)

CWE-416

References

https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477ExploitVendor Advisory
https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477ExploitVendor Advisory

FAQ

What is CVE-2024-11235?

CVE-2024-11235 is a vulnerability with a CVSS score of 8.1 (HIGH). In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can c...

How severe is CVE-2024-11235?

CVE-2024-11235 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-11235?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php.