PHP up to 8.1.30/8.2.25/8.3.13 MySQL Server buffer over-read

Summaryinfo

A vulnerability, which was classified as problematic, was found in PHP up to 8.1.30/8.2.25/8.3.13. This impacts an unknown function of the component MySQL Server Handler. The manipulation results in buffer over-read. This vulnerability is identified as CVE-2024-8929. The attack can only be performed from the local network. There is not any exploit available. You should upgrade the affected component.

Detailsinfo

A vulnerability was found in PHP up to 8.1.30/8.2.25/8.3.13. It has been classified as problematic. Affected is some unknown functionality of the component MySQL Server Handler. The manipulation with an unknown input leads to a buffer over-read vulnerability. CWE is classifying the issue as CWE-126. The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. This is going to have an impact on confidentiality. CVE summarizes:

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.

The advisory is shared for download at github.com. This vulnerability is traded as CVE-2024-8929 since 09/17/2024. The exploitability is told to be difficult. The attack can only be initiated within the local network. There are neither technical details nor an exploit publicly available.

The vulnerability scanner Nessus provides a plugin with the ID 211742 (Fedora 41 : php (2024-3891a08c9e)), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 8.1.31, 8.2.26 or 8.3.14 eliminates this vulnerability.

The vulnerability is also documented in the databases at Tenable (211742) and CERT Bund (WID-SEC-2024-3519). Once again VulDB remains the best source for vulnerability data.

Affected

• Debian Linux
• Amazon Linux 2
• Red Hat Enterprise Linux
• Fedora Linux
• Ubuntu Linux
• SUSE Linux
• Oracle Linux
• NetApp Data ONTAP
• SUSE openSUSE
• RESF Rocky Linux
• Open Source PHP

Productinfo

Type

• Programming Language Software

Name

• PHP

Version

• 8.1.0
• 8.1.1
• 8.1.2
• 8.1.3
• 8.1.4
• 8.1.5
• 8.1.6
• 8.1.7
• 8.1.8
• 8.1.9
• 8.1.10
• 8.1.11
• 8.1.12
• 8.1.13
• 8.1.14
• 8.1.15
• 8.1.16
• 8.1.17
• 8.1.18
• 8.1.19
• 8.1.20
• 8.1.21
• 8.1.22
• 8.1.23
• 8.1.24
• 8.1.25
• 8.1.26
• 8.1.27
• 8.1.28
• 8.1.29
• 8.1.30
• 8.2.0
• 8.2.1
• 8.2.2
• 8.2.3
• 8.2.4
• 8.2.5
• 8.2.6
• 8.2.7
• 8.2.8
• 8.2.9
• 8.2.10
• 8.2.11
• 8.2.12
• 8.2.13
• 8.2.14
• 8.2.15
• 8.2.16
• 8.2.17
• 8.2.18
• 8.2.19
• 8.2.20
• 8.2.21
• 8.2.22
• 8.2.23
• 8.2.24
• 8.2.25
• 8.3.0
• 8.3.1
• 8.3.2
• 8.3.3
• 8.3.4
• 8.3.5
• 8.3.6
• 8.3.7
• 8.3.8
• 8.3.9
• 8.3.10
• 8.3.11
• 8.3.12
• 8.3.13

License

• open-source

Website

• Product: https://www.php.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion