vulnerability

Oracle Linux: CVE-2024-3096: ELSA-2024-10949: php:8.2 security update (MODERATE) (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	Apr 12, 2024	Dec 12, 2024	Sep 15, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Apr 12, 2024

Added

Dec 12, 2024

Modified

Sep 15, 2025

Description

In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true.
A null byte interaction error vulnerability was found in PHP. If a password stored with password_hash starts with a null byte (\x00), testing a blank string as the password via password_verify will incorrectly return true. If a user can create a password with a leading null byte (unlikely, but syntactically valid), an attacker could trivially compromise the victim's account by attempting to sign in with a blank string.

Solutions

oracle-linux-upgrade-apcu-paneloracle-linux-upgrade-libziporacle-linux-upgrade-libzip-develoracle-linux-upgrade-libzip-toolsoracle-linux-upgrade-phporacle-linux-upgrade-php-bcmathoracle-linux-upgrade-php-clioracle-linux-upgrade-php-commonoracle-linux-upgrade-php-dbaoracle-linux-upgrade-php-dbgoracle-linux-upgrade-php-develoracle-linux-upgrade-php-embeddedoracle-linux-upgrade-php-enchantoracle-linux-upgrade-php-ffioracle-linux-upgrade-php-fpmoracle-linux-upgrade-php-gdoracle-linux-upgrade-php-gmporacle-linux-upgrade-php-intloracle-linux-upgrade-php-jsonoracle-linux-upgrade-php-ldaporacle-linux-upgrade-php-mbstringoracle-linux-upgrade-php-mysqlndoracle-linux-upgrade-php-odbcoracle-linux-upgrade-php-opcacheoracle-linux-upgrade-php-pdooracle-linux-upgrade-php-pearoracle-linux-upgrade-php-pecl-apcuoracle-linux-upgrade-php-pecl-apcu-develoracle-linux-upgrade-php-pecl-rrdoracle-linux-upgrade-php-pecl-xdebugoracle-linux-upgrade-php-pecl-xdebug3oracle-linux-upgrade-php-pecl-ziporacle-linux-upgrade-php-pgsqloracle-linux-upgrade-php-processoracle-linux-upgrade-php-snmporacle-linux-upgrade-php-soaporacle-linux-upgrade-php-xmloracle-linux-upgrade-php-xmlrpc

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today