CVE-2024-2408 | PHP up to 8.1.28/8.2.19/8.3.7 on Windows PKCS1 Padding openssl_private_decrypt Marvin Attack information exposure (GHSA-hh26-4ppw-5864)

Posted by Angelo Barbosa | Jun 9, 2024 | CVE

A vulnerability was found in PHP up to 8.1.28/8.2.19/8.3.7 on Windows. It has been declared as problematic. This vulnerability affects the function openssl_private_decrypt of the component PKCS1 Padding Handler. The manipulation leads to information exposure through discrepancy.

This vulnerability was named CVE-2024-2408. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-2408 | PHP up to 8.1.28/8.2.19/8.3.7 on Windows PKCS1 Padding openssl_private_decrypt Marvin Attack information exposure (GHSA-hh26-4ppw-5864)

Related Posts

CVE-2023-36696 | Microsoft Windows up to Server 2022 23H2 Cloud Files Mini Filter Driver Local Privilege Escalation

CVE-2023-48283 | PressTigers Simple Testimonials Showcase Plugin up to 1.1.5 on WordPress cross-site request forgery

CVE-2024-32435 | AffiEasy Plugin up to 1.1.4 on WordPress cross-site request forgery

CVE-2024-42934 | openipmi IPMI Simulator improper authorization