CVE-2024-8925

Updated: 2024-10-16 23:05:47.752179

Description:

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x MEDIUM 5.3

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS php 5.3.3 5.3 MEDIUM Released CLSA-2024:1730139582 2024-11-06 12:07:31
CentOS 7 ELS php 5.4.16 5.3 MEDIUM Released CLSA-2024:1730141462 2024-11-06 12:07:32
CentOS 8.4 ELS php 7.4.6 5.3 MEDIUM Released CLSA-2024:1730226852 2024-10-29 17:33:12
CentOS 8.5 ELS php 7.4.19 5.3 MEDIUM Released CLSA-2024:1730369205 2024-10-31 10:55:19
CentOS Stream 8 ELS php 7.2.24 5.3 MEDIUM Released CLSA-2024:1730134476 2024-10-28 14:30:42
CloudLinux 6 ELS php 5.3.3 5.3 MEDIUM In Rollout CLSA-2024:1730369579 2024-10-31 10:55:17
CloudLinux 7 ELS php 5.4.16 5.3 MEDIUM Released CLSA-2024:1730143367 2024-11-06 12:07:32
Oracle Linux 6 ELS php 5.3.3 5.3 MEDIUM Released CLSA-2024:1730369378 2024-10-31 10:55:18
Ubuntu 16.04 ELS php 7.0.33 5.3 MEDIUM Released CLSA-2024:1730227099 2024-10-29 17:33:13
Ubuntu 18.04 ELS php 7.2.24-0 5.3 MEDIUM Released CLSA-2024:1730227233 2024-10-29 17:33:15