Alpine: multiple php83 packages: security update to 8.3.14-r0

critical Tenable Cloud Security Plugin ID 427403

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can
cause the client to disclose the content of its heap containing data from other SQL requests and possible
other data belonging to different users of the same server. (CVE-2024-8929)

- In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string
inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-
bounds write. (CVE-2024-11236, CVE-2024-8932)

- In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in
convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in
certain circumstances lead to crashes or disclose content of other memory areas. (CVE-2024-11233)

- In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with
configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP
request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating
from the server, thus potentially gaining access to resources not normally available to the external user.
(CVE-2024-11234)

See Also

https://security.alpinelinux.org/vuln/CVE-2024-11233

https://security.alpinelinux.org/vuln/CVE-2024-11234

https://security.alpinelinux.org/vuln/CVE-2024-11236

https://security.alpinelinux.org/vuln/CVE-2024-8929

https://security.alpinelinux.org/vuln/CVE-2024-8932

Plugin Details

Severity: Critical

ID: 427403

Version: Revision 1.4

Type: Local

Published: 5/16/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.83

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-11236

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 11/19/2024

Reference Information

CVE: CVE-2024-11233, CVE-2024-11234, CVE-2024-11236, CVE-2024-8929, CVE-2024-8932

IAVA: 2024-A-0763-S