CVE-2024-2756 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
php	CNA	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
php	php	8.1.* ≤ 𝑥 < 8.1.28	CNA
php	php	8.2.* ≤ 𝑥 < 8.2.18	CNA
php	php	8.3.* ≤ 𝑥 < 8.3.5	CNA

Debian Releases

Debian Product

Codename

php7.4

bullseye	7.4.33-1+deb11u5 fixed
bullseye (security)	7.4.33-1+deb11u9 fixed

php8.2

bookworm	8.2.29-1~deb12u1 fixed
bookworm (security)	8.2.29-1~deb12u1 fixed

Ubuntu Releases

Ubuntu Product

Codename

php5

focal	dne
jammy	dne
mantic	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
trusty	needs-triage

php7.0

focal	dne
jammy	dne
mantic	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
xenial	Fixed 7.0.33-0ubuntu0.16.04.16+esm9 released

php7.2

bionic	Fixed 7.2.24-0ubuntu0.18.04.17+esm3 released
focal	dne
jammy	dne
mantic	dne
noble	dne
oracular	dne
plucky	dne
questing	dne

php7.4

focal	Fixed 7.4.3-4ubuntu2.22 released
jammy	dne
mantic	dne
noble	dne
oracular	dne
plucky	dne
questing	dne

php8.1

focal	dne
jammy	Fixed 8.1.2-1ubuntu2.17 released
mantic	dne
noble	dne
oracular	dne
plucky	dne
questing	dne

php8.2

bionic	dne
focal	dne
jammy	dne
mantic	Fixed 8.2.10-2ubuntu2.1 released
noble	dne
oracular	dne
plucky	dne
questing	dne
trusty	dne
xenial	dne

php8.3

bionic	dne
focal	dne
jammy	dne
mantic	dne
noble	Fixed 8.3.6-0maysync1 released
oracular	Fixed 8.3.6-0maysync1 released
plucky	dne
questing	dne
trusty	dne
xenial	dne

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://www.openwall.com/lists/oss-security/2024/04/12/11

https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4

https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html

https://security.netapp.com/advisory/ntap-20240510-0008/

http://www.openwall.com/lists/oss-security/2024/04/12/11

https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4

https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZK3X6B7FBE32FETDSMRLJXTFTHKWSY/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGWIK3HMBACERGB4TSBB2JUOMPYY2VKY/

https://security.netapp.com/advisory/ntap-20240510-0008/