CVE-2024-8925

Updated: 2024-10-16 23:05:47.752179

Description:

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x MEDIUM 5.3

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

EL 6 PHP php 5.3 5.3 MEDIUM Released CLSA-2024:1732109610 2024-11-20 11:47:50
EL 6 PHP php 8.2 5.3 MEDIUM Not Vulnerable 2024-11-17 22:20:42
EL 6 PHP php 7.3 5.3 MEDIUM Released CLSA-2024:1732136262 2024-11-20 16:19:02
EL 6 PHP php 7.4 5.3 MEDIUM Released CLSA-2024:1732138529 2024-11-20 22:08:38
EL 6 PHP php 8.0 5.3 MEDIUM Released CLSA-2024:1732139715 2024-11-20 22:08:37
EL 6 PHP php 7.1 5.3 MEDIUM Released CLSA-2024:1732119231 2024-11-20 11:47:24
EL 6 PHP php 7.0 5.3 MEDIUM Released CLSA-2024:1732117709 2024-11-20 11:47:26
EL 6 PHP php 5.6 5.3 MEDIUM Released CLSA-2024:1732115222 2024-11-20 11:47:27
EL 6 PHP php 5.5 5.3 MEDIUM Released CLSA-2024:1732111310 2024-11-20 11:47:36
EL 6 PHP php 7.2 5.3 MEDIUM Released CLSA-2024:1732120975 2024-11-20 11:47:48
Total: 86