2 matches found
CLSA-2025-1744631408 php: Fix of CVE-2024-11235
CVE-2024-11235: fix Use-after-free for ??= due to incorrect live-range calculation...
CVE-2024-11235
In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...