CVE-2024-11236
Integer overflow in the firebird and dblib quoters causing OOB writes
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
It was discovered that PHP incorrectly handled long string inputs in two database drivers. An attacker could possibly use this issue to write files in locations they would not normally have access to.
*Credits:
Niels Dossche
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-11-15 CVE Reserved
- 2024-11-24 CVE Published
- 2024-11-24 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| PHP Group Search vendor "PHP Group" | PHP Search vendor "PHP Group" for product "PHP" | >= 8.1.0 < 8.1.31 Search vendor "PHP Group" for product "PHP" and version " >= 8.1.0 < 8.1.31" | en |
Affected
| ||||||
| PHP Group Search vendor "PHP Group" | PHP Search vendor "PHP Group" for product "PHP" | >= 8.2.0 < 8.2.26 Search vendor "PHP Group" for product "PHP" and version " >= 8.2.0 < 8.2.26" | en |
Affected
| ||||||
| PHP Group Search vendor "PHP Group" | PHP Search vendor "PHP Group" for product "PHP" | >= 8.3.0 < 8.3.14 Search vendor "PHP Group" for product "PHP" and version " >= 8.3.0 < 8.3.14" | en |
Affected
| ||||||