CVE-2024-8925

Public on 2024-09-27

Modified on 2024-10-09

Description

Erroneous parsing of multipart form data

NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32
NOTE: https://github.com/php/php-src/commit/19b49258d0c5a61398d395d8afde1123e8d161e0 (PHP-8.2.24)

Severity

Low

See what this means

CVSS v3 Base Score

3.1

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 2 - Php8.1 Extra	php	2025-02-12 23:07	ALAS2PHP8.1-2025-006
Amazon Linux 2 - Php8.2 Extra	php	2025-02-12 23:07	ALAS2PHP8.2-2025-006
Amazon Linux 2023	php8.1	2025-02-12 22:57	ALAS2023-2025-845
Amazon Linux 2023	php8.2	2025-02-26 23:14	ALAS2023-2025-872
Amazon Linux 2023	php8.3	2025-02-26 23:14	ALAS2023-2025-873

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	3.1	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
NVD	CVSSv3	3.1	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

References

Red Hat: CVE-2024-8925 Mitre: CVE-2024-8925 FAQs regarding Amazon Linux ALAS/CVE Severity

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

CVE-2024-8925

Affected Packages

CVSS Scores

References