CVE-2024-8932

Public on 2024-11-21

Modified on 2024-11-21

Description

The upstream advisory describes this issue as follows:

Uncontrolled long string inputs to ldap_escape on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

Severity

Medium

CVSS v3 Base Score

6.5

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
HAQM Linux 2 - Core	php			Not Affected
HAQM Linux 2 - Php8.1 Extra	php	2025-02-12	ALAS2PHP8.1-2025-006	Fixed
HAQM Linux 2 - Php8.2 Extra	php	2025-02-12	ALAS2PHP8.2-2025-006	Fixed
HAQM Linux 1	php54			No Fix Planned
HAQM Linux 1	php56			No Fix Planned
HAQM Linux 1	php70			No Fix Planned
HAQM Linux 1	php71			No Fix Planned
HAQM Linux 1	php72			No Fix Planned
HAQM Linux 1	php73			No Fix Planned
HAQM Linux 2023	php8.1	2025-02-12	ALAS2023-2025-845	Fixed
HAQM Linux 2023	php8.2	2025-02-26	ALAS2023-2025-872	Fixed
HAQM Linux 2023	php8.3	2025-02-26	ALAS2023-2025-873	Fixed

CVSS Scores

	Score Type	Score	Vector
HAQM Linux	CVSSv3	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
NVD	CVSSv3	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

FAQs regarding HAQM Linux ALAS/CVE Severity Red Hat: CVE-2024-8932 Mitre: CVE-2024-8932