Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2024-5458

Published: 11 June 2024

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.

Priority

Medium

Cvss 3 Severity Score

5.3

Score breakdown

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Does not exist

mantic Does not exist

noble Does not exist

trusty Needs triage

upstream Needs triage

php7.0
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Does not exist

mantic Does not exist

noble Does not exist

upstream Needs triage

xenial Needs triage

php7.2
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Does not exist

jammy Does not exist

mantic Does not exist

noble Does not exist

upstream Needs triage

php7.4
Launchpad, Ubuntu, Debian
focal
Released (7.4.3-4ubuntu2.23)
jammy Does not exist

mantic Does not exist

noble Does not exist

upstream Needs triage

php8.1
Launchpad, Ubuntu, Debian
focal Does not exist

jammy
Released (8.1.2-1ubuntu2.18)
mantic Does not exist

noble Does not exist

upstream
Released (8.1.29)
php8.2
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Does not exist

mantic
Released (8.2.10-2ubuntu2.2)
noble Does not exist

upstream
Released (8.2.20)
php8.3
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Does not exist

mantic Does not exist

noble
Released (8.3.6-0ubuntu0.24.04.1)
upstream
Released (8.3.8)
Patches:
upstream: https://github.com/php/php-src/commit/c7486130d97d592aee8809a5bce97e11deac94a5
upstream: https://github.com/php/php-src/commit/7e0e3cc820c493301409a0ce2b6ef95e0ab06b0c

Severity score breakdown

Parameter Value
Base score 5.3
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact Low
Availability impact None
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N