CVE-2024-8929 (GCVE-0-2024-8929)

Vulnerability from cvelistv5 – Published: 2024-11-22 06:15 – Updated: 2025-11-03 22:33
VLAI?
Title
Leak partial content of the heap through heap buffer over-read in mysqlnd
Summary
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.
Severity ?
5.8 (Medium)
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-125 - Out-of-bounds Read
Assigner
php
References
Impacted products
Vendor Product Version
PHP Group PHP Affected: 8.1.* , < 8.1.31 (semver)
Affected: 8.2.* , < 8.2.24 (semver)
Affected: 8.3.* , < 8.3.14 (semver)
Create a notification for this product.
Credits
Sébastien Rolland
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "php",
            "vendor": "php_group",
            "versions": [
              {
                "lessThan": "8.1.31",
                "status": "affected",
                "version": "8.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.2.24",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.3.14",
                "status": "affected",
                "version": "8.3.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8929",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-22T17:37:12.386428Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-22T17:40:35.112Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:33:10.858Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250110-0008/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "mysqlnd"
          ],
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThan": "8.1.31",
              "status": "affected",
              "version": "8.1.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.2.24",
              "status": "affected",
              "version": "8.2.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.3.14",
              "status": "affected",
              "version": "8.3.*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "S\u00e9bastien Rolland"
        }
      ],
      "datePublic": "2024-11-21T18:15:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-22T06:15:29.643Z",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "url": "https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678"
        }
      ],
      "source": {
        "advisory": "https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh",
        "discovery": "EXTERNAL"
      },
      "title": "Leak partial content of the heap through heap buffer over-read in mysqlnd",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2024-8929",
    "datePublished": "2024-11-22T06:15:29.643Z",
    "dateReserved": "2024-09-17T04:17:06.982Z",
    "dateUpdated": "2025-11-03T22:33:10.858Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.\"}, {\"lang\": \"es\", \"value\": \"En las versiones de PHP 8.1.* anteriores a 8.1.31, 8.2.* anteriores a 8.2.26, 8.3.* anteriores a 8.3.14, un servidor MySQL hostil puede hacer que el cliente revele el contenido de su mont\\u00f3n que contiene datos de otras solicitudes SQL y otros posibles datos que pertenecen a diferentes usuarios del mismo servidor.\"}]",
      "id": "CVE-2024-8929",
      "lastModified": "2025-01-10T13:15:10.460",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@php.net\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 5.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.3, \"impactScore\": 4.0}]}",
      "published": "2024-11-22T07:15:03.447",
      "references": "[{\"url\": \"https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678\", \"source\": \"security@php.net\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20250110-0008/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@php.net",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security@php.net\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}, {\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-8929\",\"sourceIdentifier\":\"security@php.net\",\"published\":\"2024-11-22T07:15:03.447\",\"lastModified\":\"2025-11-03T23:17:33.117\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.\"},{\"lang\":\"es\",\"value\":\"En las versiones de PHP 8.1.* anteriores a 8.1.31, 8.2.* anteriores a 8.2.26, 8.3.* anteriores a 8.3.14, un servidor MySQL hostil puede hacer que el cliente revele el contenido de su mont\u00f3n que contiene datos de otras solicitudes SQL y otros posibles datos que pertenecen a diferentes usuarios del mismo servidor.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@php.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.3,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"security@php.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"},{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.1.31\",\"matchCriteriaId\":\"CE6E1B68-3EB9-4C67-97A6-226EA02CC2EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndExcluding\":\"8.2.26\",\"matchCriteriaId\":\"C160D91A-CF97-4DD1-A34F-8B8C852B3CEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.3.0\",\"versionEndExcluding\":\"8.3.14\",\"matchCriteriaId\":\"35B1BA7F-0EAE-4F40-ACA4-EBC5D63F609A\"}]}]}],\"references\":[{\"url\":\"https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678\",\"source\":\"security@php.net\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/12/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250110-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20250110-0008/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/12/msg00007.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T22:33:10.858Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-8929\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-22T17:37:12.386428Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*\"], \"vendor\": \"php_group\", \"product\": \"php\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.1.0\", \"lessThan\": \"8.1.31\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.2.0\", \"lessThan\": \"8.2.24\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.3.0\", \"lessThan\": \"8.3.14\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-22T17:40:23.078Z\"}}], \"cna\": {\"title\": \"Leak partial content of the heap through heap buffer over-read in mysqlnd\", \"source\": {\"advisory\": \"https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"S\\u00e9bastien Rolland\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.8, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"PHP Group\", \"modules\": [\"mysqlnd\"], \"product\": \"PHP\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.1.*\", \"lessThan\": \"8.1.31\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.2.*\", \"lessThan\": \"8.2.24\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.3.*\", \"lessThan\": \"8.3.14\", \"versionType\": \"semver\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2024-11-21T18:15:00.000Z\", \"references\": [{\"url\": \"https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eIn PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"dd77f84a-d19a-4638-8c3d-a322d820ed2b\", \"shortName\": \"php\", \"dateUpdated\": \"2024-11-22T06:15:29.643Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-8929\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T22:33:10.858Z\", \"dateReserved\": \"2024-09-17T04:17:06.982Z\", \"assignerOrgId\": \"dd77f84a-d19a-4638-8c3d-a322d820ed2b\", \"datePublished\": \"2024-11-22T06:15:29.643Z\", \"assignerShortName\": \"php\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}