cvelistv5 - cve-2024-8932

cve-2024-8932

Vulnerability from cvelistv5

Published

2024-11-22 06:03

Modified

2025-01-10 13:06

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS score ?

0.12% (0.28568)

Summary

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

References

▼	URL	Tags
	security@php.net	https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff
	af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20250110-0009/

Impacted products

	Vendor	Product	Version
	PHP Group	PHP	Version: 8.1.* ≤ Version: 8.2.* ≤ Version: 8.3.* ≤

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "php",
                  vendor: "php_group",
                  versions: [
                     {
                        lessThan: "8.1.31",
                        status: "affected",
                        version: "8.1.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.2.26",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.3.14",
                        status: "affected",
                        version: "8.3.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-8932",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-26T00:00:00+00:00",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-27T04:55:17.998Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2025-01-10T13:06:52.262Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "https://security.netapp.com/advisory/ntap-20250110-0009/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               modules: [
                  "ldap",
               ],
               platforms: [
                  "32 bit",
               ],
               product: "PHP",
               vendor: "PHP Group",
               versions: [
                  {
                     lessThan: "8.1.31",
                     status: "affected",
                     version: "8.1.*",
                     versionType: "semver",
                  },
                  {
                     lessThan: "8.2.26",
                     status: "affected",
                     version: "8.2.*",
                     versionType: "semver",
                  },
                  {
                     lessThan: "8.3.14",
                     status: "affected",
                     version: "8.3.*",
                     versionType: "semver",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "reporter",
               value: "Yiheng Cao",
            },
         ],
         datePublic: "2024-11-21T18:15:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to </span><code>ldap_escape()</code><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.</span><br>",
                  },
               ],
               value: "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "CWE-787 Out-of-bounds Write",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-11-22T06:03:29.764Z",
            orgId: "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
            shortName: "php",
         },
         references: [
            {
               url: "https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff",
            },
         ],
         source: {
            advisory: "https://github.com/php/php-src/security/advisories/GHSA-g665-fm4",
            discovery: "EXTERNAL",
         },
         title: "OOB access in ldap_escape",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
      assignerShortName: "php",
      cveId: "CVE-2024-8932",
      datePublished: "2024-11-22T06:03:29.764Z",
      dateReserved: "2024-09-17T04:50:14.830Z",
      dateUpdated: "2025-01-10T13:06:52.262Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2024-8932\",\"sourceIdentifier\":\"security@php.net\",\"published\":\"2024-11-22T06:15:20.197\",\"lastModified\":\"2025-01-10T13:15:10.617\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.\"},{\"lang\":\"es\",\"value\":\"En las versiones de PHP 8.1.* anteriores a 8.1.31, 8.2.* anteriores a 8.2.26, 8.3.* anteriores a 8.3.14, las entradas de cadenas largas no controladas a la función ldap_escape() en sistemas de 32 bits pueden causar un desbordamiento de enteros, lo que resulta en una escritura fuera de los límites.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@php.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@php.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"references\":[{\"url\":\"https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff\",\"source\":\"security@php.net\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250110-0009/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20250110-0009/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-01-10T13:06:52.262Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-8932\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-22T17:41:35.928721Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*\"], \"vendor\": \"php_group\", \"product\": \"php\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.1.0\", \"lessThan\": \"8.1.31\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.2.0\", \"lessThan\": \"8.2.26\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.3.0\", \"lessThan\": \"8.3.14\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-22T17:41:17.061Z\"}}], \"cna\": {\"title\": \"OOB access in ldap_escape\", \"source\": {\"advisory\": \"https://github.com/php/php-src/security/advisories/GHSA-g665-fm4\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Yiheng Cao\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"PHP Group\", \"modules\": [\"ldap\"], \"product\": \"PHP\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.1.*\", \"lessThan\": \"8.1.31\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.2.*\", \"lessThan\": \"8.2.26\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.3.*\", \"lessThan\": \"8.3.14\", \"versionType\": \"semver\"}], \"platforms\": [\"32 bit\"], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2024-11-21T18:15:00.000Z\", \"references\": [{\"url\": \"https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape()\\u00a0function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"<span style=\\\"background-color: rgb(255, 255, 255);\\\">In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to </span><code>ldap_escape()</code><span style=\\\"background-color: rgb(255, 255, 255);\\\">&nbsp;function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.</span><br>\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"dd77f84a-d19a-4638-8c3d-a322d820ed2b\", \"shortName\": \"php\", \"dateUpdated\": \"2024-11-22T06:03:29.764Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2024-8932\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-10T13:06:52.262Z\", \"dateReserved\": \"2024-09-17T04:50:14.830Z\", \"assignerOrgId\": \"dd77f84a-d19a-4638-8c3d-a322d820ed2b\", \"datePublished\": \"2024-11-22T06:03:29.764Z\", \"assignerShortName\": \"php\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}

fkie_cve-2024-8932

Vulnerability from fkie_nvd

Published

2024-11-22 06:15

Modified

2025-01-10 13:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	security@php.net	https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff
	af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20250110-0009/

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.",
      },
      {
         lang: "es",
         value: "En las versiones de PHP 8.1.* anteriores a 8.1.31, 8.2.* anteriores a 8.2.26, 8.3.* anteriores a 8.3.14, las entradas de cadenas largas no controladas a la función ldap_escape() en sistemas de 32 bits pueden causar un desbordamiento de enteros, lo que resulta en una escritura fuera de los límites.",
      },
   ],
   id: "CVE-2024-8932",
   lastModified: "2025-01-10T13:15:10.617",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "security@php.net",
            type: "Secondary",
         },
      ],
   },
   published: "2024-11-22T06:15:20.197",
   references: [
      {
         source: "security@php.net",
         url: "https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20250110-0009/",
      },
   ],
   sourceIdentifier: "security@php.net",
   vulnStatus: "Awaiting Analysis",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "security@php.net",
         type: "Secondary",
      },
   ],
}

wid-sec-w-2024-3519

Vulnerability from csaf_certbund

Published

2024-11-20 23:00

Modified

2024-12-19 23:00

Summary

PHP: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

PHP ist eine Programmiersprache, die zur Implementierung von Web-Applikationen genutzt wird.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in PHP ausnutzen, um vertrauliche Informationen preiszugeben, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen und einen Spoofing-Angriff durchzuführen.

Betroffene Betriebssysteme

- Sonstiges - UNIX - Windows

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "hoch",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "PHP ist eine Programmiersprache, die zur Implementierung von Web-Applikationen genutzt wird.",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in PHP ausnutzen, um vertrauliche Informationen preiszugeben, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen und einen Spoofing-Angriff durchzuführen.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- Sonstiges\n- UNIX\n- Windows",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2024-3519 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3519.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2024-3519 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3519",
         },
         {
            category: "external",
            summary: "PHP 8.1.31 Released vom 2024-11-20",
            url: "https://php.net/releases/8_1_31.php",
         },
         {
            category: "external",
            summary: "PHP 8.2.26 Released vom 2024-11-20",
            url: "https://php.net/releases/8_2_26.php",
         },
         {
            category: "external",
            summary: "PHP 8.3.14 Released vom 2024-11-20",
            url: "https://php.net/releases/8_3_14.php",
         },
         {
            category: "external",
            summary: "openSUSE Security Update OPENSUSE-SU-2024:14521-1 vom 2024-11-25",
            url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ROEYTIBLUXYCMCC2T25PTAXMN2GIRPJV/",
         },
         {
            category: "external",
            summary: "Debian Security Advisory DSA-5819 vom 2024-11-27",
            url: "https://security-tracker.debian.org/tracker/DSA-5819-1",
         },
         {
            category: "external",
            summary: "Fedora Security Advisory FEDORA-EPEL-2024-366DD673FF vom 2024-11-29",
            url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-366dd673ff",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2024:4136-1 vom 2024-12-02",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019893.html",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2024:4146-1 vom 2024-12-03",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019901.html",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2024:4215-1 vom 2024-12-05",
            url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/HKCDJJZK6B6322B2KGZEQFXWGZ7AI2KM/",
         },
         {
            category: "external",
            summary: "Debian Security Advisory DLA-3986 vom 2024-12-08",
            url: "https://lists.debian.org/debian-lts-announce/2024/12/msg00007.html",
         },
         {
            category: "external",
            summary: "Ubuntu Security Notice USN-7153-1 vom 2024-12-12",
            url: "https://ubuntu.com/security/notices/USN-7153-1",
         },
         {
            category: "external",
            summary: "Ubuntu Security Notice USN-7157-2 vom 2024-12-14",
            url: "https://ubuntu.com/security/notices/USN-7157-2",
         },
         {
            category: "external",
            summary: "Ubuntu Security Notice USN-7157-1 vom 2024-12-13",
            url: "https://ubuntu.com/security/notices/USN-7157-1",
         },
         {
            category: "external",
            summary: "NetApp Security Advisory NTAP-20241220-0008 vom 2024-12-20",
            url: "https://security.netapp.com/advisory/ntap-20241220-0008/",
         },
      ],
      source_lang: "en-US",
      title: "PHP: Mehrere Schwachstellen",
      tracking: {
         current_release_date: "2024-12-19T23:00:00.000+00:00",
         generator: {
            date: "2024-12-20T12:42:24.337+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.10",
            },
         },
         id: "WID-SEC-W-2024-3519",
         initial_release_date: "2024-11-20T23:00:00.000+00:00",
         revision_history: [
            {
               date: "2024-11-20T23:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
            {
               date: "2024-11-25T23:00:00.000+00:00",
               number: "2",
               summary: "Neue Updates von openSUSE aufgenommen",
            },
            {
               date: "2024-11-26T23:00:00.000+00:00",
               number: "3",
               summary: "Neue Updates von Debian aufgenommen",
            },
            {
               date: "2024-11-28T23:00:00.000+00:00",
               number: "4",
               summary: "Neue Updates von Fedora aufgenommen",
            },
            {
               date: "2024-12-02T23:00:00.000+00:00",
               number: "5",
               summary: "Neue Updates von SUSE aufgenommen",
            },
            {
               date: "2024-12-03T23:00:00.000+00:00",
               number: "6",
               summary: "Neue Updates von SUSE aufgenommen",
            },
            {
               date: "2024-12-05T23:00:00.000+00:00",
               number: "7",
               summary: "Neue Updates von SUSE aufgenommen",
            },
            {
               date: "2024-12-08T23:00:00.000+00:00",
               number: "8",
               summary: "Neue Updates von Debian aufgenommen",
            },
            {
               date: "2024-12-12T23:00:00.000+00:00",
               number: "9",
               summary: "Neue Updates von Ubuntu aufgenommen",
            },
            {
               date: "2024-12-15T23:00:00.000+00:00",
               number: "10",
               summary: "Neue Updates von Ubuntu aufgenommen",
            },
            {
               date: "2024-12-19T23:00:00.000+00:00",
               number: "11",
               summary: "Neue Updates von NetApp aufgenommen",
            },
         ],
         status: "final",
         version: "11",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  category: "product_name",
                  name: "Debian Linux",
                  product: {
                     name: "Debian Linux",
                     product_id: "2951",
                     product_identification_helper: {
                        cpe: "cpe:/o:debian:debian_linux:-",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "Debian",
         },
         {
            branches: [
               {
                  category: "product_name",
                  name: "Fedora Linux",
                  product: {
                     name: "Fedora Linux",
                     product_id: "74185",
                     product_identification_helper: {
                        cpe: "cpe:/o:fedoraproject:fedora:-",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "Fedora",
         },
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "9",
                        product: {
                           name: "NetApp Data ONTAP 9",
                           product_id: "T027038",
                           product_identification_helper: {
                              cpe: "cpe:/a:netapp:data_ontap:9",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "Data ONTAP",
               },
            ],
            category: "vendor",
            name: "NetApp",
         },
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<8.1.31",
                        product: {
                           name: "Open Source PHP <8.1.31",
                           product_id: "T039378",
                        },
                     },
                     {
                        category: "product_version",
                        name: "8.1.31",
                        product: {
                           name: "Open Source PHP 8.1.31",
                           product_id: "T039378-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:php:php:8.1.31",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<8.2.26",
                        product: {
                           name: "Open Source PHP <8.2.26",
                           product_id: "T039379",
                        },
                     },
                     {
                        category: "product_version",
                        name: "8.2.26",
                        product: {
                           name: "Open Source PHP 8.2.26",
                           product_id: "T039379-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:php:php:8.2.26",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<8.3.14",
                        product: {
                           name: "Open Source PHP <8.3.14",
                           product_id: "T039380",
                        },
                     },
                     {
                        category: "product_version",
                        name: "8.3.14",
                        product: {
                           name: "Open Source PHP 8.3.14",
                           product_id: "T039380-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:php:php:8.3.14",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<8.4.1",
                        product: {
                           name: "Open Source PHP <8.4.1",
                           product_id: "T039383",
                        },
                     },
                     {
                        category: "product_version",
                        name: "8.4.1",
                        product: {
                           name: "Open Source PHP 8.4.1",
                           product_id: "T039383-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:php:php:8.4.1",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "PHP",
               },
            ],
            category: "vendor",
            name: "Open Source",
         },
         {
            branches: [
               {
                  category: "product_name",
                  name: "SUSE Linux",
                  product: {
                     name: "SUSE Linux",
                     product_id: "T002207",
                     product_identification_helper: {
                        cpe: "cpe:/o:suse:suse_linux:-",
                     },
                  },
               },
               {
                  category: "product_name",
                  name: "SUSE openSUSE",
                  product: {
                     name: "SUSE openSUSE",
                     product_id: "T027843",
                     product_identification_helper: {
                        cpe: "cpe:/o:suse:opensuse:-",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
         {
            branches: [
               {
                  category: "product_name",
                  name: "Ubuntu Linux",
                  product: {
                     name: "Ubuntu Linux",
                     product_id: "T000126",
                     product_identification_helper: {
                        cpe: "cpe:/o:canonical:ubuntu_linux:-",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "Ubuntu",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2024-11233",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in PHP, die unter anderem Komponenten wie dblib, firebird und streams betreffen. Die Schwachstellen resultieren aus Sicherheitsproblemen wie Out-of-Bounds Reads, Buffer Over-Reads, Integerüberläufen, CRLF Injection und einer Use-after-free-Bedingung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen und einen Spoofing-Angriff durchzuführen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039383",
               "2951",
               "T002207",
               "T039380",
               "T000126",
               "T027843",
               "T027038",
               "74185",
               "T039379",
               "T039378",
            ],
         },
         release_date: "2024-11-20T23:00:00.000+00:00",
         title: "CVE-2024-11233",
      },
      {
         cve: "CVE-2024-11234",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in PHP, die unter anderem Komponenten wie dblib, firebird und streams betreffen. Die Schwachstellen resultieren aus Sicherheitsproblemen wie Out-of-Bounds Reads, Buffer Over-Reads, Integerüberläufen, CRLF Injection und einer Use-after-free-Bedingung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen und einen Spoofing-Angriff durchzuführen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039383",
               "2951",
               "T002207",
               "T039380",
               "T000126",
               "T027843",
               "T027038",
               "74185",
               "T039379",
               "T039378",
            ],
         },
         release_date: "2024-11-20T23:00:00.000+00:00",
         title: "CVE-2024-11234",
      },
      {
         cve: "CVE-2024-11236",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in PHP, die unter anderem Komponenten wie dblib, firebird und streams betreffen. Die Schwachstellen resultieren aus Sicherheitsproblemen wie Out-of-Bounds Reads, Buffer Over-Reads, Integerüberläufen, CRLF Injection und einer Use-after-free-Bedingung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen und einen Spoofing-Angriff durchzuführen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039383",
               "2951",
               "T002207",
               "T039380",
               "T000126",
               "T027843",
               "T027038",
               "74185",
               "T039379",
               "T039378",
            ],
         },
         release_date: "2024-11-20T23:00:00.000+00:00",
         title: "CVE-2024-11236",
      },
      {
         cve: "CVE-2024-8929",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in PHP, die unter anderem Komponenten wie dblib, firebird und streams betreffen. Die Schwachstellen resultieren aus Sicherheitsproblemen wie Out-of-Bounds Reads, Buffer Over-Reads, Integerüberläufen, CRLF Injection und einer Use-after-free-Bedingung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen und einen Spoofing-Angriff durchzuführen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039383",
               "2951",
               "T002207",
               "T039380",
               "T000126",
               "T027843",
               "T027038",
               "74185",
               "T039379",
               "T039378",
            ],
         },
         release_date: "2024-11-20T23:00:00.000+00:00",
         title: "CVE-2024-8929",
      },
      {
         cve: "CVE-2024-8932",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in PHP, die unter anderem Komponenten wie dblib, firebird und streams betreffen. Die Schwachstellen resultieren aus Sicherheitsproblemen wie Out-of-Bounds Reads, Buffer Over-Reads, Integerüberläufen, CRLF Injection und einer Use-after-free-Bedingung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen und einen Spoofing-Angriff durchzuführen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039383",
               "2951",
               "T002207",
               "T039380",
               "T000126",
               "T027843",
               "T027038",
               "74185",
               "T039379",
               "T039378",
            ],
         },
         release_date: "2024-11-20T23:00:00.000+00:00",
         title: "CVE-2024-8932",
      },
   ],
}

WID-SEC-W-2024-3519

Vulnerability from csaf_certbund

Published

2024-11-20 23:00

Modified

2024-12-19 23:00

Summary

PHP: Mehrere Schwachstellen

Notes

Produktbeschreibung

PHP ist eine Programmiersprache, die zur Implementierung von Web-Applikationen genutzt wird.

Angriff

Betroffene Betriebssysteme

- Sonstiges - UNIX - Windows

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "hoch",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "PHP ist eine Programmiersprache, die zur Implementierung von Web-Applikationen genutzt wird.",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in PHP ausnutzen, um vertrauliche Informationen preiszugeben, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen und einen Spoofing-Angriff durchzuführen.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- Sonstiges\n- UNIX\n- Windows",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2024-3519 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3519.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2024-3519 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3519",
         },
         {
            category: "external",
            summary: "PHP 8.1.31 Released vom 2024-11-20",
            url: "https://php.net/releases/8_1_31.php",
         },
         {
            category: "external",
            summary: "PHP 8.2.26 Released vom 2024-11-20",
            url: "https://php.net/releases/8_2_26.php",
         },
         {
            category: "external",
            summary: "PHP 8.3.14 Released vom 2024-11-20",
            url: "https://php.net/releases/8_3_14.php",
         },
         {
            category: "external",
            summary: "openSUSE Security Update OPENSUSE-SU-2024:14521-1 vom 2024-11-25",
            url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ROEYTIBLUXYCMCC2T25PTAXMN2GIRPJV/",
         },
         {
            category: "external",
            summary: "Debian Security Advisory DSA-5819 vom 2024-11-27",
            url: "https://security-tracker.debian.org/tracker/DSA-5819-1",
         },
         {
            category: "external",
            summary: "Fedora Security Advisory FEDORA-EPEL-2024-366DD673FF vom 2024-11-29",
            url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-366dd673ff",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2024:4136-1 vom 2024-12-02",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019893.html",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2024:4146-1 vom 2024-12-03",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019901.html",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2024:4215-1 vom 2024-12-05",
            url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/HKCDJJZK6B6322B2KGZEQFXWGZ7AI2KM/",
         },
         {
            category: "external",
            summary: "Debian Security Advisory DLA-3986 vom 2024-12-08",
            url: "https://lists.debian.org/debian-lts-announce/2024/12/msg00007.html",
         },
         {
            category: "external",
            summary: "Ubuntu Security Notice USN-7153-1 vom 2024-12-12",
            url: "https://ubuntu.com/security/notices/USN-7153-1",
         },
         {
            category: "external",
            summary: "Ubuntu Security Notice USN-7157-2 vom 2024-12-14",
            url: "https://ubuntu.com/security/notices/USN-7157-2",
         },
         {
            category: "external",
            summary: "Ubuntu Security Notice USN-7157-1 vom 2024-12-13",
            url: "https://ubuntu.com/security/notices/USN-7157-1",
         },
         {
            category: "external",
            summary: "NetApp Security Advisory NTAP-20241220-0008 vom 2024-12-20",
            url: "https://security.netapp.com/advisory/ntap-20241220-0008/",
         },
      ],
      source_lang: "en-US",
      title: "PHP: Mehrere Schwachstellen",
      tracking: {
         current_release_date: "2024-12-19T23:00:00.000+00:00",
         generator: {
            date: "2024-12-20T12:42:24.337+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.10",
            },
         },
         id: "WID-SEC-W-2024-3519",
         initial_release_date: "2024-11-20T23:00:00.000+00:00",
         revision_history: [
            {
               date: "2024-11-20T23:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
            {
               date: "2024-11-25T23:00:00.000+00:00",
               number: "2",
               summary: "Neue Updates von openSUSE aufgenommen",
            },
            {
               date: "2024-11-26T23:00:00.000+00:00",
               number: "3",
               summary: "Neue Updates von Debian aufgenommen",
            },
            {
               date: "2024-11-28T23:00:00.000+00:00",
               number: "4",
               summary: "Neue Updates von Fedora aufgenommen",
            },
            {
               date: "2024-12-02T23:00:00.000+00:00",
               number: "5",
               summary: "Neue Updates von SUSE aufgenommen",
            },
            {
               date: "2024-12-03T23:00:00.000+00:00",
               number: "6",
               summary: "Neue Updates von SUSE aufgenommen",
            },
            {
               date: "2024-12-05T23:00:00.000+00:00",
               number: "7",
               summary: "Neue Updates von SUSE aufgenommen",
            },
            {
               date: "2024-12-08T23:00:00.000+00:00",
               number: "8",
               summary: "Neue Updates von Debian aufgenommen",
            },
            {
               date: "2024-12-12T23:00:00.000+00:00",
               number: "9",
               summary: "Neue Updates von Ubuntu aufgenommen",
            },
            {
               date: "2024-12-15T23:00:00.000+00:00",
               number: "10",
               summary: "Neue Updates von Ubuntu aufgenommen",
            },
            {
               date: "2024-12-19T23:00:00.000+00:00",
               number: "11",
               summary: "Neue Updates von NetApp aufgenommen",
            },
         ],
         status: "final",
         version: "11",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  category: "product_name",
                  name: "Debian Linux",
                  product: {
                     name: "Debian Linux",
                     product_id: "2951",
                     product_identification_helper: {
                        cpe: "cpe:/o:debian:debian_linux:-",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "Debian",
         },
         {
            branches: [
               {
                  category: "product_name",
                  name: "Fedora Linux",
                  product: {
                     name: "Fedora Linux",
                     product_id: "74185",
                     product_identification_helper: {
                        cpe: "cpe:/o:fedoraproject:fedora:-",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "Fedora",
         },
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "9",
                        product: {
                           name: "NetApp Data ONTAP 9",
                           product_id: "T027038",
                           product_identification_helper: {
                              cpe: "cpe:/a:netapp:data_ontap:9",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "Data ONTAP",
               },
            ],
            category: "vendor",
            name: "NetApp",
         },
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<8.1.31",
                        product: {
                           name: "Open Source PHP <8.1.31",
                           product_id: "T039378",
                        },
                     },
                     {
                        category: "product_version",
                        name: "8.1.31",
                        product: {
                           name: "Open Source PHP 8.1.31",
                           product_id: "T039378-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:php:php:8.1.31",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<8.2.26",
                        product: {
                           name: "Open Source PHP <8.2.26",
                           product_id: "T039379",
                        },
                     },
                     {
                        category: "product_version",
                        name: "8.2.26",
                        product: {
                           name: "Open Source PHP 8.2.26",
                           product_id: "T039379-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:php:php:8.2.26",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<8.3.14",
                        product: {
                           name: "Open Source PHP <8.3.14",
                           product_id: "T039380",
                        },
                     },
                     {
                        category: "product_version",
                        name: "8.3.14",
                        product: {
                           name: "Open Source PHP 8.3.14",
                           product_id: "T039380-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:php:php:8.3.14",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<8.4.1",
                        product: {
                           name: "Open Source PHP <8.4.1",
                           product_id: "T039383",
                        },
                     },
                     {
                        category: "product_version",
                        name: "8.4.1",
                        product: {
                           name: "Open Source PHP 8.4.1",
                           product_id: "T039383-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:php:php:8.4.1",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "PHP",
               },
            ],
            category: "vendor",
            name: "Open Source",
         },
         {
            branches: [
               {
                  category: "product_name",
                  name: "SUSE Linux",
                  product: {
                     name: "SUSE Linux",
                     product_id: "T002207",
                     product_identification_helper: {
                        cpe: "cpe:/o:suse:suse_linux:-",
                     },
                  },
               },
               {
                  category: "product_name",
                  name: "SUSE openSUSE",
                  product: {
                     name: "SUSE openSUSE",
                     product_id: "T027843",
                     product_identification_helper: {
                        cpe: "cpe:/o:suse:opensuse:-",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
         {
            branches: [
               {
                  category: "product_name",
                  name: "Ubuntu Linux",
                  product: {
                     name: "Ubuntu Linux",
                     product_id: "T000126",
                     product_identification_helper: {
                        cpe: "cpe:/o:canonical:ubuntu_linux:-",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "Ubuntu",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2024-11233",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in PHP, die unter anderem Komponenten wie dblib, firebird und streams betreffen. Die Schwachstellen resultieren aus Sicherheitsproblemen wie Out-of-Bounds Reads, Buffer Over-Reads, Integerüberläufen, CRLF Injection und einer Use-after-free-Bedingung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen und einen Spoofing-Angriff durchzuführen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039383",
               "2951",
               "T002207",
               "T039380",
               "T000126",
               "T027843",
               "T027038",
               "74185",
               "T039379",
               "T039378",
            ],
         },
         release_date: "2024-11-20T23:00:00.000+00:00",
         title: "CVE-2024-11233",
      },
      {
         cve: "CVE-2024-11234",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in PHP, die unter anderem Komponenten wie dblib, firebird und streams betreffen. Die Schwachstellen resultieren aus Sicherheitsproblemen wie Out-of-Bounds Reads, Buffer Over-Reads, Integerüberläufen, CRLF Injection und einer Use-after-free-Bedingung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen und einen Spoofing-Angriff durchzuführen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039383",
               "2951",
               "T002207",
               "T039380",
               "T000126",
               "T027843",
               "T027038",
               "74185",
               "T039379",
               "T039378",
            ],
         },
         release_date: "2024-11-20T23:00:00.000+00:00",
         title: "CVE-2024-11234",
      },
      {
         cve: "CVE-2024-11236",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in PHP, die unter anderem Komponenten wie dblib, firebird und streams betreffen. Die Schwachstellen resultieren aus Sicherheitsproblemen wie Out-of-Bounds Reads, Buffer Over-Reads, Integerüberläufen, CRLF Injection und einer Use-after-free-Bedingung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen und einen Spoofing-Angriff durchzuführen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039383",
               "2951",
               "T002207",
               "T039380",
               "T000126",
               "T027843",
               "T027038",
               "74185",
               "T039379",
               "T039378",
            ],
         },
         release_date: "2024-11-20T23:00:00.000+00:00",
         title: "CVE-2024-11236",
      },
      {
         cve: "CVE-2024-8929",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in PHP, die unter anderem Komponenten wie dblib, firebird und streams betreffen. Die Schwachstellen resultieren aus Sicherheitsproblemen wie Out-of-Bounds Reads, Buffer Over-Reads, Integerüberläufen, CRLF Injection und einer Use-after-free-Bedingung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen und einen Spoofing-Angriff durchzuführen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039383",
               "2951",
               "T002207",
               "T039380",
               "T000126",
               "T027843",
               "T027038",
               "74185",
               "T039379",
               "T039378",
            ],
         },
         release_date: "2024-11-20T23:00:00.000+00:00",
         title: "CVE-2024-8929",
      },
      {
         cve: "CVE-2024-8932",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in PHP, die unter anderem Komponenten wie dblib, firebird und streams betreffen. Die Schwachstellen resultieren aus Sicherheitsproblemen wie Out-of-Bounds Reads, Buffer Over-Reads, Integerüberläufen, CRLF Injection und einer Use-after-free-Bedingung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen und einen Spoofing-Angriff durchzuführen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039383",
               "2951",
               "T002207",
               "T039380",
               "T000126",
               "T027843",
               "T027038",
               "74185",
               "T039379",
               "T039378",
            ],
         },
         release_date: "2024-11-20T23:00:00.000+00:00",
         title: "CVE-2024-8932",
      },
   ],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2024-8932

Vulnerability from cvelistv5

fkie_cve-2024-8932

Vulnerability from fkie_nvd

wid-sec-w-2024-3519

Vulnerability from csaf_certbund

WID-SEC-W-2024-3519

Vulnerability from csaf_certbund

Tags

Sightings

Nomenclature