Ubuntu: (Multiple Advisories) (CVE-2024-11236): PHP vulnerability

Ubuntu: (Multiple Advisories) (CVE-2024-11236): PHP vulnerability

Severity

10

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

11/24/2024

Created

12/14/2024

Added

12/13/2024

Modified

01/28/2025

Description

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

Solution(s)

• ubuntu-pro-upgrade-libapache2-mod-php7-0
• ubuntu-pro-upgrade-libapache2-mod-php7-2
• ubuntu-pro-upgrade-libapache2-mod-php7-4
• ubuntu-pro-upgrade-libapache2-mod-php8-0
• ubuntu-pro-upgrade-libapache2-mod-php8-1
• ubuntu-pro-upgrade-libapache2-mod-php8-3
• ubuntu-pro-upgrade-libphp7-0-embed
• ubuntu-pro-upgrade-libphp7-2-embed
• ubuntu-pro-upgrade-php7-0
• ubuntu-pro-upgrade-php7-0-common
• ubuntu-pro-upgrade-php7-0-dev
• ubuntu-pro-upgrade-php7-0-interbase
• ubuntu-pro-upgrade-php7-0-mysql
• ubuntu-pro-upgrade-php7-0-pgsql
• ubuntu-pro-upgrade-php7-0-sqlite3
• ubuntu-pro-upgrade-php7-2
• ubuntu-pro-upgrade-php7-2-common
• ubuntu-pro-upgrade-php7-2-dev
• ubuntu-pro-upgrade-php7-2-interbase
• ubuntu-pro-upgrade-php7-2-mysql
• ubuntu-pro-upgrade-php7-2-pgsql
• ubuntu-pro-upgrade-php7-2-sqlite3
• ubuntu-pro-upgrade-php7-4
• ubuntu-pro-upgrade-php7-4-cgi
• ubuntu-pro-upgrade-php7-4-cli
• ubuntu-pro-upgrade-php7-4-fpm
• ubuntu-pro-upgrade-php7-4-mysql
• ubuntu-pro-upgrade-php8-1
• ubuntu-pro-upgrade-php8-1-cgi
• ubuntu-pro-upgrade-php8-1-cli
• ubuntu-pro-upgrade-php8-1-enchant
• ubuntu-pro-upgrade-php8-1-fpm
• ubuntu-pro-upgrade-php8-1-mysql
• ubuntu-pro-upgrade-php8-3
• ubuntu-pro-upgrade-php8-3-cgi
• ubuntu-pro-upgrade-php8-3-cli
• ubuntu-pro-upgrade-php8-3-fpm
• ubuntu-pro-upgrade-php8-3-mysql

References

• https://attackerkb.com/topics/cve-2024-11236
• CVE - 2024-11236
• USN-7153-1
• USN-7157-1
• USN-7157-2