Launchpad CVE tracker

CVE 2024-2756

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.

Related bugs and status

CVE-2024-2756 (Candidate) is related to these bugs:

Bug #2057576: php-fpm sometimes SIGSEGVs (signal 11) when running fpm_get_status

		In	Importance	Status
2057576	php-fpm sometimes SIGSEGVs (signal 11) when running fpm_get_status	php7.4 (Ubuntu)	Undecided	Invalid
2057576	php-fpm sometimes SIGSEGVs (signal 11) when running fpm_get_status	php8.1 (Ubuntu)	Undecided	Invalid
2057576	php-fpm sometimes SIGSEGVs (signal 11) when running fpm_get_status	php8.2 (Ubuntu)	Undecided	Invalid
2057576	php-fpm sometimes SIGSEGVs (signal 11) when running fpm_get_status	php8.1 (Ubuntu Jammy)	Undecided	Fix Released
2057576	php-fpm sometimes SIGSEGVs (signal 11) when running fpm_get_status	php8.2 (Ubuntu Mantic)	Undecided	Fix Committed
2057576	php-fpm sometimes SIGSEGVs (signal 11) when running fpm_get_status	php7.4 (Ubuntu Focal)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/php...

Launchpad.net

CVE 2024-2756

Related bugs and status

Related bugs

References