Security Advisory

CVE-2024-11235

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-04-04 17:51:07

Last updated 2026-02-26 18:28:56

Assigner php

State PUBLISHED

Description

In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution.

← Browse all CVEs View on cve.org ↗