CVE-2024-8932

EUVD-2024-49639
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score
Percentile: 57%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| php | php | 8.1.0 ≤ 𝑥 < 8.1.31 |
| php | php | 8.2.0 ≤ 𝑥 < 8.2.26 |
| php | php | 8.3.0 ≤ 𝑥 < 8.3.14 |

𝑥 = Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| php_group | php | 8.1.0 ≤ 𝑥 < 8.1.31 | ADP |
| php_group | php | 8.2.0 ≤ 𝑥 < 8.2.26 | ADP |
| php_group | php | 8.3.0 ≤ 𝑥 < 8.3.14 | ADP |
Debian Releases
| Debian Product | Codename | Version | Status |
|---|---|---|---|
| php7.4 | bullseye | | vulnerable |
| php7.4 | bullseye (security) | 7.4.33-1+deb11u9 | fixed |
| php8.2 | bookworm | 8.2.29-1~deb12u1 | fixed |
| php8.2 | bookworm (security) | 8.2.29-1~deb12u1 | fixed |
Ubuntu Releases
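| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| php7.0 | focal | | dne |
| php7.0 | jammy | | dne |
| php7.0 | noble | | dne |
| php7.0 | oracular | | dne |
| php7.0 | plucky | | dne |
| php7.0 | questing | | dne |
| php7.0 | xenial | Fixed 7.0.33-0ubuntu0.16.04.16+esm14 | released |
| php5 | focal | | dne |
| php5 | jammy | | dne |
| php5 | noble | | dne |
| php5 | oracular | | dne |
| php5 | plucky | | dne |
| php5 | questing | | dne |
| php5 | trusty | | needs-triage |
| php7.2 | bionic | | needs-triage |
| php7.2 | focal | | dne |
| php7.2 | jammy | | dne |
| php7.2 | noble | | dne |
| php7.2 | oracular | | dne |
| php7.2 | plucky | | dne |
| php7.2 | questing | | dne |
| php7.4 | focal | Fixed 7.4.3-4ubuntu2.26 | released |
| php7.4 | jammy | | dne |
| php7.4 | noble | | dne |
| php7.4 | oracular | | dne |
| php7.4 | plucky | | dne |
| php7.4 | questing | | dne |
| php8.1 | focal | | dne |
| php8.1 | jammy | Fixed 8.1.2-1ubuntu2.20 | released |
| php8.1 | noble | | dne |
| php8.1 | oracular | | dne |
| php8.1 | plucky | | dne |
| php8.1 | questing | | dne |
| php8.3 | focal | | dne |
| php8.3 | jammy | | dne |
| php8.3 | noble | Fixed 8.3.6-0ubuntu0.24.04.3 | released |
| php8.3 | oracular | Fixed 8.3.11-0ubuntu0.24.10.4 | released |
| php8.3 | plucky | | dne |
| php8.3 | questing | | dne |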
openSUSE / SLES Releases
| openSUSE Product | Release: suse enterprise sap 15 SP6 | Release: suse enterprise server 15 SP6 |
|---|---|---|
| apache2-mod_php8 | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8 | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-bcmath | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-bz2 | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-calendar | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-cli | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-ctype | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-curl | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-dba | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-devel | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-dom | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-embed | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-enchant | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-exif | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-fastcgi | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-fileinfo | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-fpm | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-ftp | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-gd | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-gettext | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-gmp | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-iconv | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-intl | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-ldap | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-mbstring | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-mysql | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-odbc | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-opcache | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-openssl | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-pcntl | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-pdo | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-pgsql | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-phar | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-posix | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-readline | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-shmop | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-snmp | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-soap | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-sockets | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-sodium | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-sqlite | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-sysvmsg | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-sysvsem | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-sysvshm | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-test | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-tidy | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-tokenizer | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-xmlreader | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-xmlwriter | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-xsl | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-zip | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |
| php8-zlib | 8.2.26-150600.3.9.1 (fixed) | 8.2.26-150600.3.9.1 (fixed) |