CVE-2024-8932

Updated: 2024-11-24 03:33:54.977972

Description:

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x MEDIUM 6.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS php 5.3.3 6.5 MEDIUM Ignored 2024-11-25 12:07:49
CentOS 7 ELS php 5.4.16 6.5 MEDIUM Ignored 2024-11-25 12:07:49
CentOS 8.4 ELS php 7.4.6 6.5 MEDIUM Ignored 2024-11-25 12:07:49
CentOS 8.5 ELS php 7.4.19 6.5 MEDIUM Ignored 2024-11-25 12:07:49
CentOS Stream 8 ELS php 7.2.24 6.5 MEDIUM Ignored 2024-11-25 12:07:49
CloudLinux 6 ELS php 5.3.3 6.5 MEDIUM Ignored 2024-11-25 12:07:49
CloudLinux 7 ELS php 5.4.16 6.5 MEDIUM Ignored 2024-11-25 12:07:49
Oracle Linux 6 ELS php 5.3.3 6.5 MEDIUM Ignored 2024-11-25 12:07:49
Oracle Linux 7 ELS php 5.4.16 6.5 MEDIUM Ignored 2024-12-03 12:10:02
Ubuntu 16.04 ELS php 7.0.33 6.5 MEDIUM Ignored 2024-11-25 12:07:49
Total: 11