Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-3096HistoryApr 29, 2024 - 4:15 a.m.
CVE-2024-3096
2024-04-2904:15:08
Debian Security Bug Tracker
security-tracker.debian.org
30
php
password_hash
null byte
security
vulnerability
unix
In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | all | php7.3 | < 7.3.31-1~deb10u6 | php7.3_7.3.31-1~deb10u6_all.deb |
| Debian | 11 | all | php7.4 | < 7.4.33-1+deb11u5 | php7.4_7.4.33-1+deb11u5_all.deb |
| Debian | 12 | all | php8.2 | < 8.2.18-1~deb12u1 | php8.2_8.2.18-1~deb12u1_all.deb |
| Debian | 999 | all | php8.2 | < 8.2.18-1 | php8.2_8.2.18-1_all.deb |
| Debian | 13 | all | php8.2 | < 8.2.18-1 | php8.2_8.2.18-1_all.deb |
Related
cvelist
cvelist
redhatcve
redhatcve
CVE-2024-3096
2024-04-15 08:56:38
osv
osv
BIT-php-2024-3096
2024-05-14 07:29:06
CVE-2024-3096
2024-04-29 04:15:08
php7.3 - security update
2024-05-07 00:00:00
ubuntucve
ubuntucve
CVE-2024-3096
2024-04-16 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-3096 affecting package php for versions less than 8.3.4-1
2024-05-17 21:38:35
CVE-2024-3096 affecting package php for versions less than 8.1.28-1
2024-05-06 17:48:02
alpinelinux
alpinelinux
CVE-2024-3096
2024-04-29 04:15:08
cve
cve
CVE-2024-3096
2024-04-29 04:15:08
openvas
openvas
PHP < 8.1.28, 8.2.x < 8.2.18, 8.3.x < 8.3.6 Security Update (GHSA-h746-cjrr-wfmr) - Linux
2024-04-15 00:00:00
Debian: Security Advisory (DLA-3810-1)
2024-05-08 00:00:00
nessus
nessus
Debian dla-3810 : libapache2-mod-php7.3 - security update
2024-05-08 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : php8 (SUSE-SU-2024:1446-1)
2024-04-29 00:00:00
SUSE SLES12 Security Update : php74 (SUSE-SU-2024:1445-1)
2024-04-29 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2024-04-29 00:00:00
PHP vulnerabilities
2024-05-02 00:00:00
debian
debian
[SECURITY] [DLA 3810-1] php7.3 security update
2024-05-07 23:31:06
[SECURITY] [DSA 5660-1] php7.4 security update
2024-04-15 19:25:52
[SECURITY] [DSA 5661-1] php8.2 security update
2024-04-15 19:27:08
fedora
fedora
[SECURITY] Fedora 39 Update: php-8.2.18-1.fc39
2024-04-19 01:18:35
[SECURITY] Fedora 38 Update: php-8.2.18-1.fc38
2024-04-19 02:53:20
[SECURITY] Fedora 40 Update: php-8.3.6-1.fc40
2024-04-19 21:43:53
mageia
mageia
Updated php packages fix security vulnerabilities
2024-04-13 19:56:38
slackware
slackware
[slackware-security] php
2024-04-12 19:36:41
freebsd
freebsd
php -- Multiple vulnerabilities
2024-04-11 00:00:00