← volver
CVE-2024-8929

Leak partial content of the heap through heap buffer over-read in mysqlnd

CVSS 5.8 MEDIUMEPSS 2.3%CWE-125CWE-200
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Productos afectados
PHP Group · PHP

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678https://lists.debian.org/debian-lts-announce/2024/12/msg00007.htmlhttps://security.netapp.com/advisory/ntap-20250110-0008/