CVE-2024-11233

HIGH

CVSS v3

8.2

HIGH

EPSS Score

0.6%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

Technical Details

Published
11/24/2024

Frequently Asked Questions

What is CVE-2024-11233?

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

Is CVE-2024-11233 actively exploited?

Active exploitation of CVE-2024-11233 has not been confirmed. The EPSS score is 0.6%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-11233?

CVE-2024-11233 has a CVSS v3 base score of 8.2 (HIGH severity).

Is CVE-2024-11233 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.