CVE-2024-8932 OOB access in ldap_escape

🗓️ 22 Nov 2024 06:03:29Reported by phpType

Out-of-bounds write in ldap_escape function due to uncontrolled long string input

Reporter	Title	Published	Views	Family All 116
Tenable Nessus	Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-845)	26 Feb 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-872)	2 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-873)	2 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : php, --advisory ALAS2PHP8.1-2025-006 (ALASPHP8.1-2025-006)	26 Feb 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : php, --advisory ALAS2PHP8.2-2025-006 (ALASPHP8.2-2025-006)	26 Feb 202500:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: php (CVE-2024-8932)	10 Feb 202500:00	–	nessus
Tenable Nessus	Debian dla-3986 : libapache2-mod-php7.4 - security update	8 Dec 202400:00	–	nessus
Tenable Nessus	Debian dsa-5819 : libapache2-mod-php8.2 - security update	26 Nov 202400:00	–	nessus
Tenable Nessus	Fedora 41 : php (2024-3891a08c9e)	23 Nov 202400:00	–	nessus
Tenable Nessus	Fedora 40 : php (2024-e0d390d35b)	28 Nov 202400:00	–	nessus

[
  {
    "defaultStatus": "affected",
    "modules": [
      "ldap"
    ],
    "platforms": [
      "32 bit"
    ],
    "product": "PHP",
    "vendor": "PHP Group",
    "versions": [
      {
        "lessThan": "8.1.31",
        "status": "affected",
        "version": "8.1.*",
        "versionType": "semver"
      },
      {
        "lessThan": "8.2.26",
        "status": "affected",
        "version": "8.2.*",
        "versionType": "semver"
      },
      {
        "lessThan": "8.3.14",
        "status": "affected",
        "version": "8.3.*",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff

22 Nov 2024 06:03Current

CVSS 3.19.8

EPSS0.01284

CWE-787