CVE-2024-11233
Single byte overread with convert.quoted-printable-decode filterIn PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.
We have discovered 757,683 live websites that are affected by CVE-2024-11233.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Domains | 757,683 live websites (8.68% of PHP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 71 versions ( 12.98% of all versions) |
Common Weakness Enumeration
CWE-122 Heap-based Buffer OverflowDetails
- Published - Nov 24, 2024
- Updated - Nov 24, 2024
Credits
- Frostb1te (reporter)
CWE
CVE References
CWE References
CVE-2024-11233 usage by Country
 United States | 178,746 websites |
 Cyprus | 91,227 websites |
 France | 85,693 websites |
 Germany | 74,042 websites |
 Russia | 53,196 websites |
 Sweden | 51,528 websites |
 Netherlands | 48,994 websites |
 GB | 20,395 websites |
 Japan | 14,257 websites |
 Australia | 11,284 websites |
CVE-2024-11233 usage by TLD
| .com | 263,806 websites |
| .ru | 47,947 websites |
| .nl | 44,983 websites |
| .se | 36,058 websites |
| .fr | 33,719 websites |
| .org | 27,691 websites |
| .com.br | 21,432 websites |
| .de | 19,744 websites |
| .net | 19,593 websites |
| .co.uk | 15,779 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-11233
Top websites that are affected by CVE-2024-11233. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | United States | *** | |
| ******.com | United States | *,*** | |
| *****.cz |  Czech Republic | *,*** | |
| ********.********.it |  Italy | *,*** | |
| ***********.de | Germany | *,*** | |
| ***.com | United States | *,*** | |
| ********.com | United States | *,*** | |
| *******.com | Germany | *,*** | |
| ******.com | United States | *,*** | |
| ****.com |  China | *,*** |
FAQ
CVE-2024-11233 is Heap-based Buffer Overflow in PHP
A total of 757,683 websites have been identified as vulnerable to CVE-2024-11233, discovered through global website indexing conducted by WebTechSurvey.
PHP is susceptible to CVE-2024-11233 vulnerability.
PHP versions before 8.3.14 are vulnerable to CVE-2024-11233.
Version 8.3.14 of PHP addresses the CVE-2024-11233 security vulnerability.