CVE-2024-8929
Published: November 22, 2024Last modified: November 22, 2024
Description
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.8 |
| Attack Vector | ADJACENT_NETWORK |
| Attack complexity | HIGH |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | CHANGED |
| Confidentiality | HIGH |
| Integrity impact | NONE |
| Availability impact | NONE |
| Vector | CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | php81 | Fixed (8.1.31-r0) |
| Stream | php83 | Fixed (8.3.14-r0) |