Metrics
Affected Vendors & Products
Thu, 12 Dec 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux |
Wed, 16 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Php-fpm
Php-fpm php-fpm |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:* | |
Vendors & Products |
Php-fpm
Php-fpm php-fpm |
Tue, 08 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Php
Php php |
|
CPEs | cpe:2.3:a:php:php:*:*:*:*:*:*:*:* | |
Vendors & Products |
Php
Php php |
|
Metrics |
ssvc
|
Tue, 08 Oct 2024 03:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in PHP's parsing of multipart form data contents, which affects both file and input form data. This may lead to legitimate data not being processed, violating data integrity. For example, ff a multipart form data payload contains a valid prefix 'X' of the defined boundary B such that 5Kib < |X| < |B| < 8Kib, the logic responsible for parsing and storing the multipart payload fails to correctly extract the contents between two boundaries. | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior. |
Title | php: Erroneous parsing of multipart form data | Erroneous parsing of multipart form data |
Metrics |
cvssV3_1
|
cvssV3_1
|
Tue, 08 Oct 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in PHP's parsing of multipart form data contents, which affects both file and input form data. This may lead to legitimate data not being processed, violating data integrity. For example, ff a multipart form data payload contains a valid prefix 'X' of the defined boundary B such that 5Kib < |X| < |B| < 8Kib, the logic responsible for parsing and storing the multipart payload fails to correctly extract the contents between two boundaries. | |
Title | php: Erroneous parsing of multipart form data | |
Weaknesses | CWE-1286 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Status: PUBLISHED
Assigner: php
Published: 2024-10-08T03:35:02.673Z
Updated: 2024-10-08T13:52:50.674Z
Reserved: 2024-09-17T03:59:29.523Z
Link: CVE-2024-8925
Updated: 2024-10-08T12:56:56.974Z
Status : Analyzed
Published: 2024-10-08T04:15:09.450
Modified: 2024-10-16T18:53:39.957
Link: CVE-2024-8925