CVE-2024-11235

In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477	Exploit Vendor Advisory
https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

History

30 Apr 2025, 19:25

Type	Values Removed	Values Added
First Time		Php Php php
References	~~() https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477 -~~	() https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477 - Exploit, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.1
CPE		cpe:2.3:a:php:php::::::::

07 Apr 2025, 14:17

Type	Values Removed	Values Added
Summary		(es) En las versiones de PHP 8.3.* anteriores a la 8.3.19 y 8.4.* anteriores a la 8.4.5, una secuencia de código que incluya el controlador __set o el controlador ??= y excepciones puede generar una vulnerabilidad de use-after-free. Si un tercero puede controlar la distribución de memoria que provoca esto, por ejemplo, proporcionando entradas especialmente manipuladas al script, podría provocar la ejecución remota de código.

04 Apr 2025, 20:15

Type	Values Removed	Values Added
References	~~() https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477 -~~	() https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477 -

04 Apr 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-04 18:15

Updated : 2025-04-30 19:25

NVD link : CVE-2024-11235

Mitre link : CVE-2024-11235

CVE.ORG link : CVE-2024-11235

JSON object : View

Products Affected

php

php

CWE

CWE-416

Use After Free

{"id": "CVE-2024-11235", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}], "cvssMetricV40": [{"type": "Secondary", "source": "security@php.net", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-04T18:15:48.020", "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477", "tags": ["Exploit", "Vendor Advisory"], "source": "security@php.net"}, {"url": "https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477", "tags": ["Exploit", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@php.net", "description": [{"lang": "en", "value": "CWE-416"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??=\u00a0\u00a0operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution."}, {"lang": "es", "value": "En las versiones de PHP 8.3.* anteriores a la 8.3.19 y 8.4.* anteriores a la 8.4.5, una secuencia de c\u00f3digo que incluya el controlador __set o el controlador ??= y excepciones puede generar una vulnerabilidad de use-after-free. Si un tercero puede controlar la distribuci\u00f3n de memoria que provoca esto, por ejemplo, proporcionando entradas especialmente manipuladas al script, podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2025-04-30T19:25:17.507", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A525415D-4C9F-4884-9F85-94989608D805", "versionEndExcluding": "8.3.19", "versionStartIncluding": "8.3.0"}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC94B1EC-530A-4A25-9BCD-DAC5F52F6813", "versionEndExcluding": "8.4.5", "versionStartIncluding": "8.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@php.net"}