CVE-2024-11236 — Vulnetix

CVE-2024-11236 PUBLISHED CVSS 9.300000190734863 CRITICAL

Integer overflow in the firebird and dblib quoters causing OOB writes

EPSS 0.44% · 63.7th percentile

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.44%

63.7th percentile

Affected Products

Vendor	Product	Versions
Bitnami	php	8.2.0, 8.2.0, 8.3.0
Bitnami	php-min	0, 0, 8.2.0
Bitnami	php-min	8.3.0, 8.2.0, 0
Bitnami	php	0, 8.2.0, 8.3.0
Bitnami	libphp	0, 8.2.0, 8.3.0
Bitnami	libphp	0, 8.2.0, 8.3.0

Exploit Intelligence

https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv (nist-nvd)
CIRCL seen: CVE-2024-11236 (circl-sighting)
https://security.netapp.com/advisory/ntap-20241220-0008/ (circl)
https://lists.debian.org/debian-lts-announce/2024/12/msg00007.html (circl)
Weaponized CVE-2024-11236 in Nuclei (cve.org)

Timeline

CVE Published
Jan 21, 1970 Nuclei Template
Jan 21, 1970 Fix Commit
Nov 24, 2024 EPSS Score
Nov 24, 2024 PoC Published
Dec 12, 2024 EPSS Score
Dec 30, 2024 EPSS Score
Jan 16, 2025 EPSS Score
Jan 20, 2025 Coalition ESS Score
Feb 19, 2025 EPSS Score
Mar 9, 2025 EPSS Score
Mar 26, 2025 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›