admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-11-24 01:00:31 +00:00
parent 2c16a3ac0c
commit 3e7ab7866c
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
2 changed files with 195 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
2024/11xxx/CVE-2024-11234.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11234",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@php.net",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and \"request_fulluri\" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHP Group",
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.1.*",
"version_value": "8.1.31"
},
{
"version_affected": "<",
"version_name": "8.2.*",
"version_value": "8.2.26"
},
{
"version_affected": "<",
"version_name": "8.3.*",
"version_value": "8.3.14"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2",
"refsource": "MISC",
"name": "https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm",
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Lorenzo Leonardini"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

107
2024/11xxx/CVE-2024-11236.json
View File

@ -1,17 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11236",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@php.net",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape()\u00a0function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHP Group",
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "8.1.31",
"status": "affected",
"version": "8.1.*",
"versionType": "semver"
},
{
"lessThan": "8.2.26",
"status": "affected",
"version": "8.2.*",
"versionType": "semver"
},
{
"lessThan": "8.3.14",
"status": "affected",
"version": "8.3.*",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv",
"refsource": "MISC",
"name": "https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84",
"discovery": "INTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Niels Dossche"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}