Unrated severityNVD Advisory· Published Nov 22, 2024· Updated Nov 3, 2025

Leak partial content of the heap through heap buffer over-read in mysqlnd

CVE-2024-8929

Description

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.

Affected products

Php Group/PHPv5
Range: 8.1.*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000