First published: Thu Nov 21 2024
Fixed bug (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929)
Credit: security@php.net
Affected Software | Affected Version | How to fix |
---|---|---|
PHP | <8.1.31 | 8.1.31 |
debian/php7.4 | <=7.4.33-1+deb11u5 | 7.4.33-1+deb11u8 |
debian/php8.2 | 8.2.26-1~deb12u1 8.2.28-1~deb12u1 |
CVE-2024-8929 has a high severity level due to its potential to leak sensitive information from the heap.
To fix CVE-2024-8929, upgrade PHP to version 8.1.31 or later, 8.2.26 or later, or 8.3.14 or later.
PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14 are affected by CVE-2024-8929.
CVE-2024-8929 allows an attacker who controls a hostile MySQL server to trigger a heap buffer over-read in the PHP client, leaking partial content of the heap.
CVE-2024-8929 is considered a client-side vulnerability as it affects the PHP client when interacting with a malicious MySQL server.