PT-2024-8896 · Php+10 · Php+10
Faeris95
+1
·
Published
2024-11-15
·
Updated
2026-02-10
·
CVE-2024-8929
CVSS v3.1
5.8
Medium
| Vector | AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
PHP versions 8.1.* before 8.1.31
PHP versions 8.2.* before 8.2.26
PHP versions 8.3.* before 8.3.14
Description:
The issue is related to insufficient protection of internal data due to a buffer overflow in memory, which can be exploited by a hostile MySQL server to disclose the content of the client's heap, potentially containing data from other SQL requests and other users of the same server. This can allow a remote attacker to gain unauthorized access to protected information.
Recommendations:
For PHP versions 8.1.* before 8.1.31, update to version 8.1.31 or later.
For PHP versions 8.2.* before 8.2.26, update to version 8.2.26 or later.
For PHP versions 8.3.* before 8.3.14, update to version 8.3.14 or later.
As a temporary workaround, consider restricting access to the
php mysqlnd rset field read() function until a patch is available.Fix
Out of bounds Read
Buffer Over-read
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Php
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu