In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possibly other data belonging to different users of the same server.
History

Tue, 26 Nov 2024 02:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| References | | |
| Metrics | threat_severity: None | threat_severity: Moderate |


Fri, 22 Nov 2024 18:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Php Group; Php Group php |
| CPEs | | cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:* |
| Vendors & Products | | Php Group; Php Group php |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 22 Nov 2024 06:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possibly other data belonging to different users of the same server. |
| Title | | Leak partial content of the heap through heap buffer over-read in mysqlnd |
| Weaknesses | | CWE-125; CWE-200 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.8, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: php

Published: 2024-11-22T06:15:29.643Z

Updated: 2024-11-22T17:40:35.112Z

Reserved: 2024-09-17T04:17:06.982Z

Link: CVE-2024-8929

Vulnrichment

Updated: 2024-11-22T17:40:23.078Z

NVD

Status: Received

Published: 2024-11-22T07:15:03.447

Modified: 2024-11-22T07:15:03.447

Link: CVE-2024-8929

Red Hat

Severity: Moderate

Public Date: 2024-11-22T06:15:29Z

Links: CVE-2024-8929 - Bugzilla