In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution.
CVSS Vector
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:AmberPHP
APPPhp8.3.0 – 8.3.19 (bez)8.4.0 – 8.4.5 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
Related vulnerabilities
CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
CVE-2012-1823CRITICAL9.8⚠ KEVten sam produkt
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi)...
CVE-2026-6722CRITICAL9.5PL ✓ten sam produkt
Use-after-free w rozszerzeniu SOAP PHP umożliwiające RCE
CVE-2022-31631CRITICAL9.1PL ✓ten sam produkt
PHP PDO SQLite — błędne cytowanie ciągów prowadzące do SQL injection
CVE-2024-11236CRITICAL9.8PL ✓ten sam produkt
PHP: integer overflow w ldap_escape() prowadzący do out-of-bounds write