CVE-2024-11235

Critical CVSS: 9.2

In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution.

Vendor

Php

Product

Php

CWE

CWE-416

Yayın Tarihi

2025-04-04 18:15:48

Güncelleme

2025-04-30 19:25:17

Source Identifier

security@php.net

KEV Date Added

Kategoriler

CWE-416 Php CRITICAL Php 2025

Referanslar

https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477 https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477

Benzer Kayıtlar

High

CVE-2026-24894

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSIO…

High

CVE-2026-24895

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly han…

Medium

CVE-2025-14177

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1,…

Medium

CVE-2025-14178

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1,…

High

CVE-2025-14180

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 w…

Low

CVE-2025-1220

In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like f…