AZL-53634 CVE-2024-11233 affecting package php for versions less than 8.1.31-1

🗓️ 24 Nov 2024 02:15:16Reported by GoogleType

osv

osv🔗 osv.dev

PHP before fixes has a buffer overread in convert.quoted-printable-decode that can crash or reveal memory.

Reporter	Title	Published	Views	Family All 207
Tenable Nessus	Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-845)	26 Feb 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-872)	2 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-873)	2 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : php, --advisory ALAS2PHP8.1-2025-006 (ALASPHP8.1-2025-006)	26 Feb 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : php, --advisory ALAS2PHP8.2-2025-006 (ALASPHP8.2-2025-006)	26 Feb 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0043: php:7.4 (ALINUX3-SA-2026:0043)	5 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : php:8.2 (ALSA-2025:15687)	29 Sep 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : php:8.1 (ALSA-2025:4263)	29 Apr 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : php:8.2 (ALSA-2025:7432)	3 Jul 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : php:7.4 (ALSA-2026:2470)	13 Feb 202600:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-11233

21 Apr 2026 04:35Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.18.2

EPSS0.00728

php buffer overread convert quoted printable decode cve 2024 11233