DEBIAN-CVE-2024-8929

DEBIAN-CVE-2024-8929 PUBLISHED CVSS 5.800000190734863 MEDIUM

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.

Risk Scores

CVSS 3.1

5.800000190734863

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:11	php7.4	0, 7.4.21-1+deb11u1, 7.4.25-1+deb11u1
Debian:12	php8.2	8.2.12-1, 8.2.16-1, 8.2.16-2

Exploit Intelligence

index.html (github-poc)
cve_db.json (github-poc)
seen_cves.json (github-poc)

Timeline

Nov 22, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-8929 advisory

Open in Interactive Console →