← back
CVE-2024-8929

Leak partial content of the heap through heap buffer over-read in mysqlnd

CVSS 5.8 MEDIUMEPSS 2.3%CWE-125CWE-200
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected products
PHP Group · PHP

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678https://lists.debian.org/debian-lts-announce/2024/12/msg00007.htmlhttps://security.netapp.com/advisory/ntap-20250110-0008/