CVE-2024-8929: Leak partial content of the heap through heap buffer over-read in mysqlnd

Description

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap, containing data from other SQL requests and possibly other data belonging to different users of the same server.

Classification

CVE ID: CVE-2024-8929

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.8

Affected Products

Vendor: PHP Group

Product: PHP

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.47% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-08 (date on which this score was calculated)

References

https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678

Timeline