PHP Multi-Vulnerability Advisory (CVE-2024-8932, CVE-2024-8929, Others)

Bar Refael

November 27, 2024

The PHP development team has issued a critical update addressing multiple vulnerabilities in versions prior to 8.1.31, 8.2.26, and 8.3.14. These vulnerabilities include out-of-bounds access, integer overflows, buffer over-reads, and CRLF injection. Failure to patch these issues could allow attackers to execute arbitrary code, leak sensitive data, or perform denial-of-service (DoS) attacks.

The most severe vulnerabilities include:

  • CVE-2024-8932: Out-of-bounds write in ldap_escape function (CVSS: 9.8).
  • CVE-2024-8929: Heap buffer over-read in MySQL connections.

Key Details

CVE-2024-8932

  • Severity: Critical (CVSS: 9.8)
  • Vulnerability Type: Out-of-bounds write
  • Description: On 32-bit systems, uncontrolled long string inputs to the ldap_escape function can cause an integer overflow, resulting in an out-of-bounds memory write. This could allow attackers to execute arbitrary code on the affected system.

CVE-2024-8929

  • Severity: High
  • Vulnerability Type: Heap buffer over-read
  • Description: Exploitable when PHP connects to a fake MySQL server or when network packets are tampered with. With PHP-FPM, which persists between requests, attackers can extract the previous SQL query’s response data, leading to sensitive data leakage.

Other Vulnerabilities

  • CVE-2024-11233:
    • Vulnerability: Single-byte over-read in convert.quoted-printable-decode filter.
    • Impact: Information leakage or denial-of-service.
  • CVE-2024-11236:
    • Vulnerability: Integer overflow in Firebird/dblib quoters.
    • Impact: Out-of-bounds writes, potential for memory corruption.
  • CVE-2024-11234:
    • Vulnerability: CRLF injection in stream proxy configuration.
    • Impact: HTTP request smuggling, bypassing security controls.

Affected Versions

  • All PHP versions prior to:
    • 8.1.31
    • 8.2.26
    • 8.3.14

Impact Assessment

  • Risk Level: Critical
  • Potential Impacts:
    • Code Execution: CVE-2024-8932 allows attackers to execute arbitrary code.
    • Data Leakage: CVE-2024-8929 exposes sensitive data from heap memory.
    • Denial-of-Service: Multiple vulnerabilities can crash PHP processes.
    • HTTP Request Smuggling: Exploitation of CVE-2024-11234 could lead to unauthorized data access.

Mitigation and Recommendations

1. Immediate Update

Upgrade PHP installations to the latest versions:

  • 8.1.31, 8.2.26, or 8.3.14.

2. Apply Security Best Practices

  • Ensure systems use 64-bit architecture where possible to mitigate specific vulnerabilities like CVE-2024-8932.
  • Limit exposure of PHP services to the internet.

3. Monitor and Secure SQL Interactions

  • Harden SQL configurations to prevent exploitation of CVE-2024-8929, especially when using PHP-FPM.

4. Secure Proxy Configurations

  • Avoid using vulnerable stream proxy setups that may lead to CRLF injection (CVE-2024-11234).

Indicators of Compromise (IoCs)

  • Unexpected crashes or process termination in PHP services.
  • Unusual traffic to or from SQL servers or proxy configurations.
  • Evidence of out-of-bounds memory access errors in system logs.

Action Plan

  1. Audit existing PHP installations for affected versions.
  2. Immediately apply updates to the latest secured versions.
  3. Validate application and system functionality post-update to ensure compatibility.
  4. Monitor for signs of exploitation using tools like application logs and network monitoring solutions.
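
One way to carry out step 1 of the action plan, as an added example that is not part of the original advisory: a POSIX shell function that classifies version strings (for example the first line of `php -v`) against the fixed releases listed under Affected Versions. The function names, status labels, hostnames and inventory lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify PHP versions against the fixed releases listed in
# the advisory (8.1.31, 8.2.26, 8.3.14). Function names are illustrative.

# Print one of: affected | patched | unlisted | unparsed
php_advisory_status() {
    # Take the first MAJOR.MINOR.PATCH on line 1, so a bare "8.2.25", a
    # "php -v" banner and a distro-suffixed package version all parse.
    v=$(printf '%s\n' "$1" |
        sed -n '1s/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$v" ] || { echo unparsed; return 0; }
    major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}; patch=${rest#*.}
    case "$major.$minor" in
        8.1) fixed=31 ;;
        8.2) fixed=26 ;;
        8.3) fixed=14 ;;
        *)  # Older branches are "prior to 8.1.31"; the advisory lists no
            # fixed release for newer branches, so report them separately.
            if [ "$major" -lt 8 ] || { [ "$major" -eq 8 ] && [ "$minor" -lt 1 ]; }
            then echo affected; else echo unlisted; fi
            return 0 ;;
    esac
    if [ "$patch" -lt "$fixed" ]; then echo affected; else echo patched; fi
}

# Read "host version-string" lines on stdin; print "host status" per host.
audit_inventory() {
    while read -r host ver; do
        case "$host" in ''|\#*) continue ;; esac   # skip blanks and comments
        printf '%s %s\n' "$host" "$(php_advisory_status "$ver")"
    done
}

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY='web01 PHP 8.3.14 (cli) (built: Nov 21 2024 10:00:00) (NTS)
web02 PHP 8.2.25 (cli) (built: Oct 24 2024 10:00:00) (NTS)
legacy01 7.4.33
batch01 8.1.31
edge01 8.4.1
broken01 unknown'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

Distribution packages can backport security fixes without changing the upstream version number, so confirm hosts reported as `affected` against the vendor's own advisory before treating them as unpatched.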

Stay Secure. Stay Informed.

OP Innovate Research Team.
