CVE-2024-11233

convert.quoted-printable-decode filter buffer overread

Publication Date	2024-11-23
Severity	Moderate
Type	Information Disclosure
Affected PHP Versions	7.2.0-7.2.34
Fixed Product Versions	ZendPHP 7.2 ZendPHP 7.3 ZendPHP 7.4 ZendPHP 7.29108429 ZendPHP 7.29357358 ZendPHP 7.29819071 ZendPHP 7.29868234 ZendPHP 7.29914703 ZendPHP 7.29921362 ZendPHP 8.0 ZendPHP 8.1 ZendPHP 8.2 ZendPHP 8.3 ZendServer 2021.4.1

CVE Details

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in the convert.quoted-printable-decode filter, certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

Recommendations

We recommend upgrading to a known patched version of PHP.

< View all CVEs

Featured Product

ZendPHP

2025 PHP Landscape Report

CVE Details

Recommendations