CVE-2024-8929

MEDIUM5.8EPSS 0.66%

Leak partial content of the heap through heap buffer over-read in mysqlnd

發布日:2024/11/22修改日:2026/4/28

描述

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.

受影響套件(5)

Bitnami/libphpfrom 0, < 8.1.31, >= 8.2.0, < 8.2.24, >= 8.3.0, < 8.3.14
Bitnami/phpfrom 0, < 8.1.31, >= 8.2.0, < 8.2.24, >= 8.3.0, < 8.3.14
Bitnami/php-minfrom 0, < 8.1.31, >= 8.2.0, < 8.2.24, >= 8.3.0, < 8.3.14
Debian/php7.4from 0, < 7.4.33-1+deb11u7
Debian/php8.2from 0, < 8.2.26-1~deb12u1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.8	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

參考連結(5)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2024-8929
WEBhttps://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678
WEBhttps://lists.debian.org/debian-lts-announce/2024/12/msg00007.html
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-8929
WEBhttps://security.netapp.com/advisory/ntap-20250110-0008/