Lucene search
Alpine Linux Development TeamALPINE:CVE-2024-3096HistoryApr 29, 2024 - 4:15 a.m.
CVE-2024-3096
2024-04-2904:15:08
Alpine Linux Development Team
security.alpinelinux.org
37
cve-2024-3096
php version 8
password_hash
password_verify
null byte
security issue
In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-community | noarch | php82 | < 8.2.18-r0 | UNKNOWN |
| Alpine | edge-community | noarch | php83 | < 8.3.5-r0 | UNKNOWN |
| Alpine | 3.19-community | noarch | php81 | < 8.1.28-r0 | UNKNOWN |
| Alpine | 3.19-community | noarch | php82 | < 8.2.18-r0 | UNKNOWN |
| Alpine | 3.19-community | noarch | php83 | < 8.3.6-r0 | UNKNOWN |
Related
cvelist
cvelist
redhatcve
redhatcve
CVE-2024-3096
2024-04-15 08:56:38
ubuntucve
ubuntucve
CVE-2024-3096
2024-04-16 00:00:00
debiancve
debiancve
CVE-2024-3096
2024-04-29 04:15:08
cbl_mariner
cbl_mariner
CVE-2024-3096 affecting package php for versions less than 8.1.28-1
2024-05-06 17:48:02
osv
osv
CVE-2024-3096
2024-04-29 04:15:08
php7.3 - security update
2024-05-07 00:00:00
php7.4, php8.1, php8.2 vulnerabilities
2024-05-02 15:57:55
openvas
openvas
PHP < 8.1.28, 8.2.x < 8.2.18, 8.3.x < 8.3.6 Security Update (GHSA-h746-cjrr-wfmr) - Linux
2024-04-15 00:00:00
Debian: Security Advisory (DLA-3810-1)
2024-05-08 00:00:00
cve
cve
CVE-2024-3096
2024-04-29 04:15:08
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : php8 (SUSE-SU-2024:1446-1)
2024-04-29 00:00:00
Debian dla-3810 : libapache2-mod-php7.3 - security update
2024-05-08 00:00:00
SUSE SLES12 Security Update : php74 (SUSE-SU-2024:1445-1)
2024-04-29 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2024-04-29 00:00:00
PHP vulnerabilities
2024-05-02 00:00:00
debian
debian
[SECURITY] [DLA 3810-1] php7.3 security update
2024-05-07 23:31:06
[SECURITY] [DSA 5660-1] php7.4 security update
2024-04-15 19:25:52
[SECURITY] [DSA 5661-1] php8.2 security update
2024-04-15 19:27:08
fedora
fedora
[SECURITY] Fedora 39 Update: php-8.2.18-1.fc39
2024-04-19 01:18:35
[SECURITY] Fedora 38 Update: php-8.2.18-1.fc38
2024-04-19 02:53:20
[SECURITY] Fedora 40 Update: php-8.3.6-1.fc40
2024-04-19 21:43:53
mageia
mageia
Updated php packages fix security vulnerabilities
2024-04-13 19:56:38
slackware
slackware
[slackware-security] php
2024-04-12 19:36:41
freebsd
freebsd
php -- Multiple vulnerabilities
2024-04-11 00:00:00