Updated: 2025-08-20 02:03:51.476705
Description:
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | MEDIUM | 5.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | php | 8.0.30 | 5.8 | MEDIUM | Released | CLSA-2025:1757946824 | 2025-09-16 01:40:50 | |
| Alpine Linux 3.18 ELS | php | 8.2.16 | 5.8 | MEDIUM | Ignored | 2026-02-12 22:22:41 | This issue is only exploitable when a PHP client connects to an attacker-controlled or tampered MySQ... | |
| CentOS 6 ELS | php | 5.3.3 | 5.8 | MEDIUM | Not Vulnerable | 2024-12-09 11:55:33 | not vulnerable | |
| CentOS 7 ELS | php | 5.4.16 | 5.8 | MEDIUM | Released | CLSA-2025:1738695324 | 2025-02-20 06:44:51 | |
| CentOS 8.4 ELS | php | 7.4.6 | 5.8 | MEDIUM | Released | CLSA-2024:1735130624 | 2024-12-25 23:22:40 | |
| CentOS 8.5 ELS | php | 7.4.19 | 5.8 | MEDIUM | Released | CLSA-2025:1738696117 | 2025-02-06 06:40:48 | |
| CentOS Stream 8 ELS | php | 7.2.24 | 5.8 | MEDIUM | Released | CLSA-2025:1739812360 | 2025-02-18 06:41:28 | |
| CloudLinux 6 ELS | php | 5.3.3 | 5.8 | MEDIUM | Not Vulnerable | 2024-12-09 11:55:34 | Not vulnerable | |
| CloudLinux 7 ELS | php | 5.4.16 | 5.8 | MEDIUM | Released | CLSA-2025:1738695530 | 2025-02-19 11:36:21 | |
| Debian 10 ELS | php | 7.3 | 5.8 | MEDIUM | Ignored | 2026-02-12 22:22:42 | This issue is only exploitable when a PHP client connects to an attacker-controlled or tampered MySQ... |