CVE-2024-8929
published 2024-11-22CVE-2024-8929: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap…
medium5.8CVSS 3.1
AVAACHPRLUINSCCHINAN
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | php7.4 | < php7.4 7.4.33-1+deb11u7 (bullseye) | php7.4 7.4.33-1+deb11u7 (bullseye) |
| debian | php8.2 | < php7.4 7.4.33-1+deb11u7 (bullseye) | php7.4 7.4.33-1+deb11u7 (bullseye) |
| msrc | azl3_php_8.3.12-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_php_8.3.14-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_php_8.1.30-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_php_8.1.31-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| php | php | >= 8.1.0 < 8.1.31 | 8.1.31 |
| php | php | >= 8.2.0 < 8.2.26 | 8.2.26 |
| php | php | >= 8.3.0 < 8.3.14 | 8.3.14 |
| php_group | php | >= 8.1.* < 8.1.31 | 8.1.31 |
| php_group | php | >= 8.2.* < 8.2.24 | 8.2.24 |
| php_group | php | >= 8.3.* < 8.3.14 | 8.3.14 |
CVSS provenance
nvdv3.15.8MEDIUMCVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
osv8.2HIGH