
WARNING: CRITICAL OUT-OF-BOUNDS WRITE VULNERABILITY IN PHP, PATCH IMMEDIATELY!

Reference: Advisory #2024-274
Version: 1.0
Affected software: PHP < 8.1.31, < 8.2.26, < 8.3.14
Type: CWE-190: Integer overflow & CWE-787: Out-of-bounds write
CVE/CVSS:

CVE-2024-11236: CVSS: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

GitHub advisory: https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv

GitHub advisory: https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff

Risks

PHP is a scripting language that is widely used to make interactive Web pages.

PHP before versions 8.1.31, 8.2.26 and 8.3.14 contains a critical integer overflow vulnerability that can result in out-of-bounds (OOB) writes: input can be written to memory outside the buffer reserved for it. Because an OOB write can corrupt adjacent memory, the impact on Confidentiality, Integrity and Availability is rated high.

Description

PDO_FIREBIRD and PDO_DBLIB are drivers that implement the PDO (PHP Data Objects) interface to give PHP access to Firebird databases and to Microsoft SQL Server/Sybase databases respectively. In these components a computed length can exceed the ZSTR_MAX_LEN limit, causing an integer overflow. The resulting undersized length can then lead to out-of-bounds (OOB) writes.
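The CWE-190 to CWE-787 chain described above, shown as an added example that is not PHP's own code and not taken from the advisories: a length for a buffer is derived from attacker-influenced sizes, the naive computation wraps in size_t arithmetic, and the buffer allocated from that wrapped length is too small for the data that is then written into it. The ceiling DEMO_MAX_LEN (a stand-in for a limit like ZSTR_MAX_LEN, with a constructed value), HEADER_LEN, the record layout and all function names are assumptions for this illustration. The hardened computation rejects any request whose product would exceed the ceiling, which also rules out wraparound, and the writer refuses to step past the buffer it was given.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed ceiling standing in for a limit such as PHP's ZSTR_MAX_LEN.
 * The value is an assumption for this demo, not PHP's real constant. */
#define DEMO_MAX_LEN ((size_t)1 << 20)

/* Hypothetical record layout: a fixed header followed by `count` fields of
 * `field_size` bytes each. */
#define HEADER_LEN ((size_t)16)

/* Naive length computation. size_t arithmetic wraps silently, so a large
 * count makes this return a value far smaller than the data that will later
 * be written into the buffer (CWE-190). */
size_t unchecked_required_len(size_t count, size_t field_size)
{
    return HEADER_LEN + count * field_size;
}

/* Hardened computation. Returns 0 (request rejected) when the product would
 * exceed the ceiling, which also excludes wraparound; on success returns 1
 * and stores the exact length in *out. */
int checked_required_len(size_t count, size_t field_size, size_t *out)
{
    if (field_size == 0 || count > (DEMO_MAX_LEN - HEADER_LEN) / field_size)
        return 0;
    *out = HEADER_LEN + count * field_size;
    return 1;
}

/* Writer that never steps past buf_len. Returns 0 when every field fits and
 * -1 as soon as a field would land outside the buffer, i.e. the write that
 * in unchecked code becomes CWE-787. */
int write_fields(unsigned char *buf, size_t buf_len,
                 size_t count, size_t field_size)
{
    if (field_size == 0 || buf_len < HEADER_LEN)
        return -1;
    for (size_t i = 0; i < count; i++) {
        size_t offset = HEADER_LEN + i * field_size;
        if (field_size > buf_len || offset > buf_len - field_size)
            return -1;
        memset(buf + offset, 0x41, field_size); /* constructed field payload */
    }
    return 0;
}

/* Runs one request through both paths. Returns 1 if the unchecked length
 * would have let the writer go out of bounds while the checked path
 * rejected the request, and 0 otherwise. */
int demo_request(size_t count, size_t field_size)
{
    size_t naive = unchecked_required_len(count, field_size);
    unsigned char *buf = calloc(1, naive ? naive : 1);
    if (buf == NULL)
        return 0;
    int oob = write_fields(buf, naive, count, field_size);
    free(buf);

    size_t safe_len = 0;
    int accepted = checked_required_len(count, field_size, &safe_len);
    return oob == -1 && !accepted;
}

int main(void)
{
    /* Constructed inputs: a benign request and one chosen so that
     * count * field_size wraps to 0 on both 32-bit and 64-bit size_t. */
    size_t benign_count = 4, wrap_count = SIZE_MAX / 8 + 1;

    printf("benign: naive len %zu, mismatch=%d\n",
           unchecked_required_len(benign_count, 8),
           demo_request(benign_count, 8));
    printf("wrapping: naive len %zu, mismatch=%d\n",
           unchecked_required_len(wrap_count, 8),
           demo_request(wrap_count, 8));
    return 0;
}
```

The wrapping request yields a naive length equal to the header alone, so the first field already falls outside the allocation; the checked computation refuses it before any buffer exists. In real code the bounds check in the writer is the last line of defence, and the length check at allocation time is the fix that removes the bug.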

Recommended actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates on vulnerable systems with the highest priority, after thorough testing.
The vulnerability is patched in versions 8.1.31, 8.2.26, 8.3.14 and above.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

PHP Security Bulletin 8.1.31: https://www.php.net/ChangeLog-8.php#8.1.31
PHP Security Bulletin 8.2.26: https://www.php.net/ChangeLog-8.php#8.2.26
PHP Security Bulletin 8.3.14: https://www.php.net/ChangeLog-8.php#8.3.14