CVE-2024-8929

5.8 MEDIUM

📋 TL;DR

A memory disclosure vulnerability in PHP's MySQL client allows a malicious MySQL server to read heap memory from the client. This could expose sensitive data from previous SQL queries or other users' data. Affects PHP applications connecting to untrusted MySQL servers.

💻 Affected Systems

Products:
  • PHP
Versions: PHP 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14
Operating Systems: All operating systems running affected PHP versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects PHP applications using MySQL client extensions (mysqli, PDO_MySQL) to connect to MySQL servers.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Malicious MySQL server extracts sensitive application data, session tokens, or credentials from PHP heap memory, leading to full system compromise.

🟠 Likely Case

Information disclosure of SQL query data or application memory contents when connecting to compromised or untrusted MySQL servers.

🟢 If Mitigated

Limited impact if only connecting to trusted MySQL servers with proper network segmentation.

🌐 Internet-Facing: MEDIUM - Risk exists if PHP applications connect to external MySQL servers, but requires malicious server control.
🏢 Internal Only: LOW - Internal MySQL servers are typically trusted, reducing exposure unless internal servers are compromised.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires control of MySQL server to exploit; client must connect to malicious server. No public exploit code available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: PHP 8.1.31, 8.2.26, 8.3.14

Vendor Advisory: https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678

Restart Required: Yes

Instructions:

1. Update PHP to a patched version using the package manager (apt, yum, etc.).
2. Restart the web server (Apache, Nginx, PHP-FPM).
3. Verify the PHP version with php -v.

🔧 Temporary Workarounds

Restrict MySQL Connections

Platform: all

Only allow PHP applications to connect to trusted, internal MySQL servers.

Network Segmentation

Platform: linux

Implement firewall rules that allow outbound MySQL (TCP 3306) from PHP servers only to the trusted internal server(s) and drop every other MySQL connection. The ACCEPT rule must be inserted before the DROP rule; replace TRUSTED_MYSQL_IP with the address of your trusted server (placeholder, not a real address):

iptables -A OUTPUT -p tcp -d TRUSTED_MYSQL_IP --dport 3306 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 3306 -j DROP

🧯 If You Can't Patch

  • Isolate PHP servers from untrusted networks and external MySQL servers.
  • Implement application-level encryption for sensitive data transmitted to MySQL.

🔍 How to Verify

Check if Vulnerable:

Run php -v and check whether the version is in an affected range: 8.1.0-8.1.30, 8.2.0-8.2.25, 8.3.0-8.3.13.

Check Version:

php -v | head -1

Verify Fix Applied:

Confirm php -v shows 8.1.31+, 8.2.26+, or 8.3.14+.
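The version check above, as an added example (not part of the advisory) that can be dropped into a fleet audit script: it parses the first line of php -v and classifies it against the three affected ranges. The function names are our own; only the version boundaries come from the advisory.

```shell
#!/bin/sh
# Added example, not from the advisory: classify a "php -v" banner against the
# CVE-2024-8929 affected ranges (8.1.* < 8.1.31, 8.2.* < 8.2.26, 8.3.* < 8.3.14).

# Print the first X.Y.Z version found in the banner line, or nothing if absent.
php_version_from_banner() {
    # "PHP 8.2.20 (cli) (built: ...)" -> "8.2.20"; pre-release suffixes such as RC1 are dropped
    printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Exit status: 0 = vulnerable, 1 = fixed or branch not listed in the advisory,
# 2 = version could not be parsed from the input.
php_vulnerable_to_cve_2024_8929() {
    ver=$(php_version_from_banner "$1")
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    # First patch release on each branch that contains the fix (from the advisory)
    case "$major.$minor" in
        8.1) fixed=31 ;;
        8.2) fixed=26 ;;
        8.3) fixed=14 ;;
        *)   return 1 ;;   # 8.0 and older, or 8.4+, are outside the advisory's listed ranges
    esac
    [ "$patch" -lt "$fixed" ]
}

# Human-readable verdict for scripts and tickets: VULNERABLE, NOT_AFFECTED, or UNKNOWN.
cve_2024_8929_status() {
    rc=0
    php_vulnerable_to_cve_2024_8929 "$1" || rc=$?
    case $rc in
        0) echo VULNERABLE ;;
        1) echo NOT_AFFECTED ;;
        *) echo UNKNOWN ;;
    esac
}

# Typical use on a host: cve_2024_8929_status "$(php -v | head -1)"
```

NOT_AFFECTED covers both patched builds and branches the advisory does not list, so an end-of-life 8.0 install is reported as outside this CVE's ranges rather than as safe in general.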

📡 Detection & Monitoring

Log Indicators:

  • Unusual MySQL connection attempts from PHP to external IPs
  • Errors in PHP logs related to MySQL memory allocation

Network Indicators:

  • PHP servers making MySQL connections to untrusted external IPs

SIEM Query:

source="php.log" AND "mysql_connect" AND dest_ip NOT IN (trusted_mysql_ips)

🔗 References