cbcvebase.
CVE-2024-8932
published 2024-11-22

CVE-2024-8932: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can…

critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

Affected

17 ranges
VendorProductVersion rangeFixed in
debianphp7.4< php7.4 7.4.33-1+deb11u7 (bullseye)php7.4 7.4.33-1+deb11u7 (bullseye)
debianphp8.2< php7.4 7.4.33-1+deb11u7 (bullseye)php7.4 7.4.33-1+deb11u7 (bullseye)
msrcazl3_php_8.3.12-1_on_azure_linux_3.0
msrcazl3_php_8.3.14-1_on_azure_linux_3.0
msrcazure_linux_3.0_arm
msrcazure_linux_3.0_x64
msrccbl2_php_8.1.30-1_on_cbl_mariner_2.0
msrccbl2_php_8.1.31-1_on_cbl_mariner_2.0
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64
netappontap
phpphp>= 8.1.0 < 8.1.318.1.31
phpphp>= 8.2.0 < 8.2.268.2.26
phpphp>= 8.3.0 < 8.3.148.3.14
php_groupphp>= 8.1.* < 8.1.318.1.31
php_groupphp>= 8.2.* < 8.2.268.2.26
php_groupphp>= 8.3.* < 8.3.148.3.14

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL