The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3891a08c9e advisory.

    **PHP version 8.3.14** (21 Nov 2024)

    **CLI:**

    * Fixed bug [GH-16373](https://github.com/php/php-src/issues/16373) (Shebang is not skipped for router     script in cli-server started through shebang). (ilutov)
    * Fixed bug [GHSA-4w77-75f9-2c8w](https://github.com/php/php-src/security/advisories/GHSA-4w77-75f9-2c8w)     (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface). (nielsdos)

    **COM:**

    * Fixed out of bound writes to SafeArray data. (cmb)

    **Core:**

    * Fixed bug [GH-16168](https://github.com/php/php-src/issues/16168) (php 8.1 and earlier crash immediately     when compiled with Xcode 16 clang on macOS 15). (nielsdos)
    * Fixed bug [GH-16371](https://github.com/php/php-src/issues/16371) (Assertion failure in     Zend/zend_weakrefs.c:646). (Arnaud)
    * Fixed bug [GH-16515](https://github.com/php/php-src/issues/16515) (Incorrect propagation of     ZEND_ACC_RETURN_REFERENCE for call trampoline). (ilutov)
    * Fixed bug [GH-16509](https://github.com/php/php-src/issues/16509) (Incorrect line number in function     redeclaration error). (ilutov)
    * Fixed bug [GH-16508](https://github.com/php/php-src/issues/16508) (Incorrect line number in inheritance     errors of delayed early bound classes). (ilutov)
    * Fixed bug [GH-16648](https://github.com/php/php-src/issues/16648) (Use-after-free during array sorting).
    (ilutov)

    **Curl:**

    * Fixed bug [GH-16302](https://github.com/php/php-src/issues/16302) (CurlMultiHandle holds a reference to     CurlHandle if curl_multi_add_handle fails). (timwolla)

    **Date:**

    * Fixed bug [GH-16454](https://github.com/php/php-src/issues/16454) (Unhandled INF in date_sunset() with     tiny $utcOffset). (cmb)
    * Fixed bug [GH-14732](https://github.com/php/php-src/issues/14732) (date_sun_info() fails for non-finite     values). (cmb)

    **DBA:**

    * Fixed bug [GH-16390](https://github.com/php/php-src/issues/16390) (dba_open() can segfault for     pathless streams). (cmb)

    **DOM:**

    * Fixed bug [GH-16316](https://github.com/php/php-src/issues/16316) (DOMXPath breaks when not initialized     properly). (nielsdos)
    * Add missing hierarchy checks to replaceChild. (nielsdos)
    * Fixed bug [GH-16336](https://github.com/php/php-src/issues/16336) (Attribute intern document     mismanagement). (nielsdos)
    * Fixed bug [GH-16338](https://github.com/php/php-src/issues/16338) (Null-dereference in ext/dom/node.c).
    (nielsdos)
    * Fixed bug [GH-16473](https://github.com/php/php-src/issues/16473) (dom_import_simplexml stub is wrong).
    (nielsdos)
    * Fixed bug [GH-16533](https://github.com/php/php-src/issues/16533) (Segfault when adding attribute to     parent that is not an element). (nielsdos)
    * Fixed bug [GH-16535](https://github.com/php/php-src/issues/16535) (UAF when using document as a child).
    (nielsdos)
    * Fixed bug [GH-16593](https://github.com/php/php-src/issues/16593) (Assertion failure in     DOM->replaceChild). (nielsdos)
    * Fixed bug [GH-16595](https://github.com/php/php-src/issues/16595) (Another UAF in DOM -> cloneNode).
    (nielsdos)

    **EXIF:**

    * Fixed bug [GH-16409](https://github.com/php/php-src/issues/16409) (Segfault in exif_thumbnail when not     dealing with a real file). (nielsdos, cmb)

    **FFI:**

    * Fixed bug [GH-16397](https://github.com/php/php-src/issues/16397) (Segmentation fault when comparing FFI     object). (nielsdos)

    **Filter:**

    * Fixed bug [GH-16523](https://github.com/php/php-src/issues/16523) (FILTER_FLAG_HOSTNAME accepts ending     hyphen). (cmb)

    **FPM:**

    * Fixed bug [GH-16628](https://github.com/php/php-src/issues/16628) (FPM logs are getting corrupted with     this log statement). (nielsdos)

    **GD:**

    * Fixed bug [GH-16334](https://github.com/php/php-src/issues/16334) (imageaffine overflow on matrix     elements). (David Carlier)
    * Fixed bug [GH-16427](https://github.com/php/php-src/issues/16427) (Unchecked libavif return values).
    (cmb)
    * Fixed bug [GH-16559](https://github.com/php/php-src/issues/16559) (UBSan abort in     ext/gd/libgd/gd_interpolation.c:1007). (nielsdos)

    **GMP:**

    * Fixed floating point exception bug with gmp_pow when using large exposant values. (David Carlier).
    * Fixed bug [GH-16411](https://github.com/php/php-src/issues/16411) (gmp_export() can cause overflow).
    (cmb)
    * Fixed bug [GH-16501](https://github.com/php/php-src/issues/16501) (gmp_random_bits() can cause     overflow). (David Carlier)
    * Fixed gmp_pow() overflow bug with large base/exponents. (David Carlier)
    * Fixed segfaults and other issues related to operator overloading with GMP objects. (Girgias)

    **LDAP:**

    * Fixed bug [GHSA-g665-fm4p-vhff](https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff)     (OOB access in ldap_escape). (**CVE-2024-8932**) (nielsdos)

    **MBstring:**

    * Fixed bug [GH-16361](https://github.com/php/php-src/issues/16361) (mb_substr overflow on start/length     arguments). (David Carlier)

    **MySQLnd:**

    * Fixed bug [GHSA-h35g-vwh6-m678](https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678)     (Leak partial content of the heap through heap buffer over-read). (**CVE-2024-8929**) (Jakub Zelenka)

    **Opcache:**

    * Fixed bug [GH-16408](https://github.com/php/php-src/issues/16408) (Array to string conversion warning     emitted in optimizer). (ilutov)

    **OpenSSL:**

    * Fixed bug [GH-16357](https://github.com/php/php-src/issues/16357) (openssl may modify member types of     certificate arrays). (cmb)
    * Fixed bug [GH-16433](https://github.com/php/php-src/issues/16433) (Large values for openssl_csr_sign()     $days overflow). (cmb)
    * Fix various memory leaks on error conditions in openssl_x509_parse(). (nielsdos)

    **PDO DBLIB:**

    * Fixed bug [GHSA-5hqh-c84r-qjcv](https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv)     (Integer overflow in the dblib quoter causing OOB writes). (**CVE-2024-11236**) (nielsdos)

    **PDO Firebird:**

    * Fixed bug [GHSA-5hqh-c84r-qjcv](https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv)     (Integer overflow in the firebird quoter causing OOB writes). (**CVE-2024-11236**) (nielsdos)

    **PDO ODBC:**

    * Fixed bug [GH-16450](https://github.com/php/php-src/issues/16450) (PDO_ODBC can inject garbage into     field values). (cmb)

    **Phar:**

    * Fixed bug [GH-16406](https://github.com/php/php-src/issues/16406) (Assertion failure in     ext/phar/phar.c:2808). (nielsdos)

    **PHPDBG:**

    * Fixed bug [GH-16174](https://github.com/php/php-src/issues/16174) (Empty string is an invalid expression     for ev). (cmb)

    **Reflection:**

    * Fixed bug [GH-16601](https://github.com/php/php-src/issues/16601) (Memory leak in Reflection     constructors). (nielsdos)

    **Session:**

    * Fixed bug [GH-16385](https://github.com/php/php-src/issues/16385) (Unexpected null returned by     session_set_cookie_params). (nielsdos)
    * Fixed bug [GH-16290](https://github.com/php/php-src/issues/16290) (overflow on cookie_lifetime ini     value). (David Carlier)

    **SOAP:**

    * Fixed bug [GH-16318](https://github.com/php/php-src/issues/16318) (Recursive array segfaults soap     encoding). (nielsdos)
    * Fixed bug [GH-16429](https://github.com/php/php-src/issues/16429) (Segmentation fault access null     pointer in SoapClient). (nielsdos)

    **Sockets:**

    * Fixed bug with overflow socket_recvfrom $length argument. (David Carlier)

    **SPL:**

    * Fixed bug [GH-16337](https://github.com/php/php-src/issues/16337) (Use-after-free in SplHeap).
    (nielsdos)
    * Fixed bug [GH-16464](https://github.com/php/php-src/issues/16464) (Use-after-free in     SplDoublyLinkedList::offsetSet()). (ilutov)
    * Fixed bug [GH-16479](https://github.com/php/php-src/issues/16479) (Use-after-free in     SplObjectStorage::setInfo()). (ilutov)
    * Fixed bug [GH-16478](https://github.com/php/php-src/issues/16478) (Use-after-free in     SplFixedArray::unset()). (ilutov)
    * Fixed bug [GH-16588](https://github.com/php/php-src/issues/16588) (UAF in Observer->serialize).
    (nielsdos)
    * Fix [GH-16477](https://github.com/php/php-src/issues/16477) (Segmentation fault when calling
    __debugInfo() after failed SplFileObject::__constructor). (Girgias)
    * Fixed bug [GH-16589](https://github.com/php/php-src/issues/16589) (UAF in SplDoublyLinked->serialize()).
    (nielsdos)
    * Fixed bug [GH-14687](https://github.com/php/php-src/issues/14687) (segfault on SplObjectIterator     instance). (David Carlier)
    * Fixed bug [GH-16604](https://github.com/php/php-src/issues/16604) (Memory leaks in SPL constructors).
    (nielsdos)
    * Fixed bug [GH-16646](https://github.com/php/php-src/issues/16646) (UAF in ArrayObject::unset() and     ArrayObject::exchangeArray()). (ilutov)

    **Standard:**

    * Fixed bug [GH-16293](https://github.com/php/php-src/issues/16293) (Failed assertion when throwing in     assert() callback with bail enabled). (ilutov)

    **Streams:**

    * Fixed bug [GHSA-c5f2-jwm7-mmq2](https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2)     (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (**CVE-2024-11234**)     (Jakub Zelenka)
    * Fixed bug [GHSA-r977-prxv-hc43](https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43)     (Single byte overread with convert.quoted-printable-decode filter). (**CVE-2024-11233**) (nielsdos)

    **SysVMsg:**

    * Fixed bug [GH-16592](https://github.com/php/php-src/issues/16592) (msg_send() crashes when a type does     not properly serialized). (David Carlier / cmb)

    **SysVShm:**

    * Fixed bug [GH-16591](https://github.com/php/php-src/issues/16591) (Assertion error in shm_put_var).
    (nielsdos, cmb)

    **XMLReader:**

    * Fixed bug [GH-16292](https://github.com/php/php-src/issues/16292) (Segmentation fault in     ext/xmlreader/php_xmlreader.c). (nielsdos)

    **Zlib:**

    * Fixed bug [GH-16326](https://github.com/php/php-src/issues/16326) (Memory management is broken for bad     dictionaries.) (cmb)



Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Fedora 41 : php (2024-3891a08c9e)

critical Nessus Plugin ID 211742

Version 1.3

Version 1.2

Version 1.1

Version 1.3 Nov 27, 2024, 12:25 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2024-8932" to "CVE-2024-11236") CVSSv3 score source (changed from "CVE-2024-11236" to none) Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202411271225
Version 1.2 Nov 26, 2024, 6:59 AM CVSSv3 score source (set to "CVE-2024-11236") Plugin Feed: 202411260659
Version 1.1 Nov 23, 2024, 8:40 AM New Plugin Feed: 202411230840