PHP Security Update Advisory (CVE-2024-8932)

Nov 28 2024

Overview

An update has been released to address vulnerabilities in PHP. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-8932

PHP versions: ~ 8.1.31 (excluded)
PHP versions: ~ 8.2.26 (excluded)
PHP versions: ~ 8.3.14 (excluded)

Resolved Vulnerabilities

An uncontrolled long string input to the ldap_escape() function could cause an integer overflow, resulting in an out-of-bounds write (CVE-2024-8932)

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-8932

PHP version: 8.1.31
PHP version: 8.2.26
PHP version: 8.3.14

Referenced Sites

[1] CVE-2024-8932 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-8932

[2] OOB access in ldap_escape

https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff

PHP Security Update Advisory (CVE-2024-8932)

IBM Product Security Update Advisory

ManageEngine (Analytics Plus) Product November 2024 Security Update Advisory

Tags:

IBM Product Security Update Advisory

ManageEngine (Analytics Plus) Product November 2024 Security Update Advisory