REDHAT-BUG-2327960
First published: Fri Nov 22 2024(Updated: )
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP | <8.1.31<8.2.26<8.3.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2327960?
The severity of REDHAT-BUG-2327960 is considered to be high due to the potential for data leakage and exposure of sensitive information from the heap.
How do I fix REDHAT-BUG-2327960?
To fix REDHAT-BUG-2327960, you should upgrade your PHP version to at least 8.1.31, 8.2.26, or 8.3.14 depending on your current version.
What versions of PHP are affected by REDHAT-BUG-2327960?
PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14 are affected by REDHAT-BUG-2327960.
What data is at risk due to REDHAT-BUG-2327960?
REDHAT-BUG-2327960 puts at risk the content of the PHP client's heap, which may include data from SQL requests and other users' data.
Who is impacted by REDHAT-BUG-2327960?
Any users or applications using vulnerable versions of PHP that connect to a hostile MySQL server are impacted by REDHAT-BUG-2327960.
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-8929
- agent/severity
- agent/last-modified-date
- agent/references
- agent/source
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/php
- canonical/php