PT-2024-8904
Crispy-Fried-Chicken
Published: 2024-11-15 · Updated: 2026-01-19
CVE-2024-8932
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: PHP 8.1.* through 8.1.30; PHP 8.2.* through 8.2.25; PHP 8.3.* through 8.3.13.
Description: The ldap_escape() function in PHP can suffer an integer overflow when given uncontrolled, very long string inputs on 32-bit systems, resulting in an out-of-bounds write. A remote attacker can use this to cause a denial of service. The estimated number of potentially affected devices worldwide is over 700,000 instances.
Recommendations: For PHP 8.1.* through 8.1.30, update to version 8.1.31 or later. For PHP 8.2.* through 8.2.25, update to version 8.2.26 or later. For PHP 8.3.* through 8.3.13, update to version 8.3.14 or later. As a temporary workaround, consider disabling the ldap_escape() function until a patch is available.

Tags: Exploit · Fix · DoS · Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2024-16220
ALT-PU-2024-16262
ALT-PU-2024-16264
ALT-PU-2024-16421
ALT-PU-2024-16432
ALT-PU-2024-16480
ALT-PU-2024-16520
AZL-53480
AZL-53748
BDU:2024-10571
BIT-LIBPHP-2024-8932
BIT-PHP-2024-8932
BIT-PHP-MIN-2024-8932
CVE-2024-8932
DLA-3986-1
DSA-5819-1
GHSA-G665-FM4P-VHFF
MGASA-2024-0375
OESA-2024-2478
OPENSUSE-SU-2024:14521-1
OPENSUSE-SU-2024_4136-1
SUSE-SU-2024:4136-1
USN-7157-1
USN-7157-2
USN-7157-3

Affected Products

Alt Linux
Astra Linux
Linux Mint
PHP
Red OS
SUSE
Ubuntu