CVE-2024-8929

Summary

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.

Affected Software

VendorProductVersion RangeStatus
PHP GroupPHP8.1.* < 8.1.31affected
PHP GroupPHP8.2.* < 8.2.24affected
PHP GroupPHP8.3.* < 8.3.14affected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-125: CWE-125 Out-of-bounds Read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References