CVE-2024-11235
Reference counting in php_request_shutdown causes Use-After-Free
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving the __set handler or the ??= operator and exceptions can lead to a use-after-free vulnerability. If a third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution.
| CWE | CWE-416 |
| Vendor | php group |
| Product | php |
| Published | Apr 4, 2025 |
| Last Updated | Feb 26, 2026 |
Affected Versions
PHP Group / PHP
8.4.* < 8.4.5
8.3.* < 8.3.19
Credits
🔍 Junwha Hong