CVE-2024-5458

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-5458
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-5458.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-5458
Aliases
Downstream
Related
Published
2024-06-09T19:15:52.397Z
Modified
2026-03-15T22:49:31.185042Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

In PHP versionsĀ 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filtervar when validating URLsĀ (FILTERVALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
c800ecda065b5642dde6aff5484d58d91d77f66c
Last affected
c796a801599b13943c2413589e339c39d1d4bb47
Introduced
c6723538054d96291abb6bad4628b9f55bc7fc17
Last affected
dca8d5565b947270a29f232bc54efd9df3b92b94
Introduced
a66aeecc2c0adc32ea0bbaa6e669b92f2deaa939
Last affected
8213daa932be1c2ae04726233e4e56e5df63980e
Introduced
381ba9f5d0edd0c9c8ec1dea7e21d513ad08b115
Fixed
fc4973fb0dfae6085742868b8f0f05163e150a0c
Introduced
70ee6c20ad97e02c2b8098aeea96fefbbc3ac5c2
Fixed
40298a988fca728ddc47316938da61e0f768c872
Introduced
d26068059e83fe40de3430a512471d194119bee0
Fixed
ce51bfac759dedac1537f4d5666dcd33fbc4a281
Database specific 
{
    "versions": [
        {
            "introduced": "7.3.27"
        },
        {
            "last_affected": "7.3.33"
        },
        {
            "introduced": "7.4.15"
        },
        {
            "last_affected": "7.4.33"
        },
        {
            "introduced": "8.0.2"
        },
        {
            "last_affected": "8.0.30"
        },
        {
            "introduced": "8.1.0"
        },
        {
            "fixed": "8.1.29"
        },
        {
            "introduced": "8.2.0"
        },
        {
            "fixed": "8.2.20"
        },
        {
            "introduced": "8.3.0"
        },
        {
            "fixed": "8.3.8"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-5458.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "40"
            }
        ]
    }
]