CVE-2024-8932
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Nov 22, 2024
CWE ID 787
Summary
CVE-2024-8932 is a vulnerability affecting PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14. Maliciously crafted long string inputs to the ldap_escape() function on 32-bit systems can lead to an integer overflow, resulting in an out-of-bounds write. This issue may allow attackers to execute arbitrary code or cause denial of service conditions. Users are encouraged to update their PHP installations to the latest versions to mitigate this vulnerability.
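The bug class named in the summary (CWE-787 reached through a wrapped length computation), as an added C example that is not PHP's source code: it contrasts an unchecked size sum with a checked one that refuses to size a buffer it cannot represent. Assumptions of this example: `uint32_t` stands in for a 32-bit `size_t`, each escaped byte expands to three bytes (backslash plus two hex digits), and the escape set and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical escape set for this example (LDAP filter specials). */
static bool needs_escape(unsigned char c)
{
    return c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0';
}

/* Unchecked sizing modelled in 32 bits: the sum wraps modulo 2^32. */
uint32_t sized_unchecked32(uint32_t plain, uint32_t escaped)
{
    return plain + escaped * 3u;
}

/* Checked sizing: test each addition against `limit` (SIZE_MAX in real use). */
bool escaped_size(const unsigned char *s, size_t n, size_t limit, size_t *out)
{
    size_t total = 1; /* terminating NUL */
    if (limit < 1) return false;
    for (size_t i = 0; i < n; i++) {
        size_t need = needs_escape(s[i]) ? 3 : 1;
        if (need > limit - total)
            return false; /* total would pass the limit: refuse */
        total += need;
    }
    *out = total;
    return true;
}

/* Escape into a buffer sized by the checked routine; NULL on refusal. */
char *escape_checked(const unsigned char *s, size_t n, size_t limit)
{
    static const char hex[] = "0123456789abcdef";
    size_t size, o = 0;
    if (!escaped_size(s, n, limit, &size)) return NULL;
    char *buf = malloc(size);
    if (!buf) return NULL;
    for (size_t i = 0; i < n; i++) {
        if (needs_escape(s[i])) {
            buf[o++] = '\\';
            buf[o++] = hex[s[i] >> 4];
            buf[o++] = hex[s[i] & 15];
        } else {
            buf[o++] = (char)s[i];
        }
    }
    buf[o] = '\0';
    return buf;
}
```

With the unchecked sum, a buffer allocated from the wrapped value is far smaller than the bytes the escape loop then writes, which is the out-of-bounds write condition; the checked routine fails closed before any allocation.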
Affected Products
- PHP: Hypertext Preprocessor
Affected Vendors
- PHP