RockyLinux 9 : php:8.3 (RLSA-2025:7418)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:7418 advisory. php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth header...

Fedora: Security Advisory (FEDORA-2025-67a302413e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 9 : php:8.3 (RHSA-2025:7418)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:7418 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Header parser of http stream...

CVE-2024-11235 Reference counting in php_request_shutdown causes Use-After-Free

In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...

CVE-2024-11235

CVE-2024-11235 affects PHP 8.3.x before 8.3.19 and 8.4.x before 8.4.5. The issue is a use-after-free caused by a code sequence involving the __set handler or the ??= operator in the presence of exceptions, which an attacker could exploit if they can influence memory layout (e.g., crafted inputs) ...

CVE-2024-11235

In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...

K000150719: Multiple PHP vulnerabilities

Security Advisory Description CVE-2024-11235 In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by...

Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-922)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-922 advisory. NOTE:https://github.com/php/php-src/security/advisories/GHSA- rwp7-7vc6-8477https://www.tenable.com/cve/CVE-2024-11235 VersionThis vulnerability is present only in PHP 8.3+. The PHP 8.2 and...

USN-7400-1: PHP vulnerabilities

It was discovered that PHP incorrectly handle certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. CVE-2024-11235 It was discovered that PHP incorrectly handle certain folded headers. An attacker could possibly use this issue to cause a crash or...

USN-7400-1 php7.4, php8.1, php8.3 vulnerabilities

It was discovered that PHP incorrectly handle certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. CVE-2024-11235 It was discovered that PHP incorrectly handle certain folded headers. An attacker could possibly use this issue to cause a crash or...

openSUSE Security Advisory (SUSE-SU-2025:1025-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2025:1025-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1025-1 advisory. - CVE-2024-11235: Fixed reference counting in phprequestshutdown causing Use-After-Free bsc1239666 - CVE-2025-1217:...

openSUSE Security Advisory (SUSE-SU-2025:1012-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for php7

This update for php7 fixes the following issues: CVE-2024-11235: Fixed reference counting in phprequestshutdown causing Use-After-Free bsc1239666 CVE-2025-1217: Fixed header parser of http stream wrapper not handling folded headers bsc1239664 CVE-2025-1219: Fixed libxml streams using wrong...

SUSE-SU-2025:1025-1 Security update for php7

This update for php7 fixes the following issues: - CVE-2024-11235: Fixed reference counting in phprequestshutdown causing Use-After-Free bsc1239666 - CVE-2025-1217: Fixed header parser of http stream wrapper not handling folded headers bsc1239664 - CVE-2025-1219: Fixed libxml streams using wrong...

SUSE SLES15 Security Update : php8 (SUSE-SU-2025:0994-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0994-1 advisory. - CVE-2024-11235: Fixed reference counting in phprequestshutdown causing Use-After-Free bsc1239666 - CVE-2025-1217: Fixed header...

CVE-2024-11235

creationtimestamp| type| source ---|---|--- 2025-03-14 18:23:02+00:00| seen| https://bsky.app/profile/buherator.bsky.social/post/3lkea5pding2d 2025-03-14 19:40:33+00:00| seen| https://infosec.exchange/users/vuldb/statuses/114162482090787141 2025-04-04 18:18:29+00:00| seen|...

BELL-CVE-2024-11235

Bulletin has no description...

CVE-2024-11235

In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...

PHP 8.3.x < 8.3.19, 8.4.x < 8.4.5 Multiple Vulnerabilities - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...