CVE-2024-8929 MEDIUM

CVE-2024-8929: Leak partial content of the heap through heap buffer over-read in mysqlnd

Vendor Php Group
Product PHP
Weakness CWE-200 · Info exposure
Published November 22, 2024
Last update November 3, 2025
View on NVD All CVEs

CVSS base score

5.8/10
Attack vector Adjacent
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.

Key dates

02Disclosure timeline

November 22, 2024 CVE published
November 3, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-43319 WordPress HTML5 Video Player plugin <= 2.5.31 - Sensitive Data Exposure vulnerability CVE-2019-1589 Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot Vulnerability CVE-2026-34969 Nhost Leaks the Refresh Token via URL Query Parameter in OAuth Provider Callback CVE-2025-58589 Information Disclosure Through Stacktrace CVE-2022-29165 Argo CD will blindly trust JWT claims if anonymous access is enabled