CVE-2024-8932

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 22, 2024
CWE ID 787

Summary

CVE-2024-8932 is a vulnerability affecting PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14. Maliciously crafted long string inputs to the ldap_escape() function on 32-bit systems can lead to an integer overflow, resulting in an out-of-bounds write. This issue may allow attackers to execute arbitrary code or cause denial of service conditions. Users are encouraged to update their PHP installations to the latest versions to mitigate this vulnerability.
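The integer overflow described above can be seen in a small model, given here as an added example and not PHP's source code. It assumes each escaped byte expands to a three-byte `\xx` sequence, uses `uint32_t` to stand in for a 32-bit `size_t`, and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not PHP source: an escaped byte becomes "\xx"
 * (3 output bytes); any other byte is copied unchanged (1 byte). */

/* Output length as a 32-bit size_t computes it: wraps modulo 2^32. */
uint32_t escaped_len_wrapping(uint32_t n_escaped, uint32_t n_plain)
{
    return (uint32_t)(n_escaped * 3u + n_plain);
}

/* Same sum, but rejects inputs whose result does not fit in 32 bits. */
bool escaped_len_checked(uint32_t n_escaped, uint32_t n_plain, uint32_t *out)
{
    if (n_escaped > (UINT32_MAX - n_plain) / 3u)
        return false;
    *out = n_escaped * 3u + n_plain;
    return true;
}

/* Escaper that checks capacity before every write; -1 if cap is too small. */
long escape_bounded(const unsigned char *in, size_t n, const bool map[256],
                    char *out, size_t cap)
{
    static const char hex[] = "0123456789abcdef";
    size_t w = 0;
    for (size_t i = 0; i < n; i++) {
        size_t need = map[in[i]] ? 3 : 1;
        if (need > cap - w) return -1;   /* w <= cap always holds here */
        if (map[in[i]]) {
            out[w++] = '\\';
            out[w++] = hex[in[i] >> 4];
            out[w++] = hex[in[i] & 15];
        } else {
            out[w++] = (char)in[i];
        }
    }
    return (long)w;
}

int main(void)
{
    uint32_t n = 1431655766u, len = 0;   /* constructed: 3 * n exceeds 2^32 */
    printf("wrapping=%u checked_ok=%d\n",
           (unsigned)escaped_len_wrapping(n, 0), escaped_len_checked(n, 0, &len));
    return 0;
}
```

A buffer sized from the wrapped length is far smaller than the data later written into it, which is the out-of-bounds write condition (CWE-787) the summary names.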


Affected Products

  • PHP: Hypertext Preprocessor

Affected Vendors

  • Php