CVE-2024-8929

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-8929

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8929.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-8929

Aliases

Downstream

BELL-CVE-2024-8929

DEBIAN-CVE-2024-8929

DLA-3986-1

DSA-5819-1

MINI-mvq4-xxw6-qwpm

MINI-rrhp-x7c8-mfwr

OESA-2024-2478

RHSA-2025:15687

RHSA-2025:4263

RHSA-2025:7315

RHSA-2025:7432

RLSA-2025:4263

RLSA-2025:7432

SUSE-SU-2024:4136-1

SUSE-SU-2024:4146-1

SUSE-SU-2024:4215-1

UBUNTU-CVE-2024-8929

USN-7157-1

USN-7157-3

openSUSE-SU-2024:14521-1

Related

Published

2024-11-22T07:15:03.447Z

Modified

2025-11-14T03:35:36.293189Z

Severity

5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

381ba9f5d0edd0c9c8ec1dea7e21d513ad08b115

Fixed

38123aca18c3c1bd1f109ec77af2f175d7afcf35

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8929.json"