← voltar
CVE-2024-8929

Leak partial content of the heap through heap buffer over-read in mysqlnd

CVSS 5.8 MEDIUMEPSS 2.3%CWE-125CWE-200
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Produtos afetados
PHP Group · PHP

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678https://lists.debian.org/debian-lts-announce/2024/12/msg00007.htmlhttps://security.netapp.com/advisory/ntap-20250110-0008/