CVE-2024-8925
Publication date 27 September 2024
Last updated 9 October 2024
Ubuntu priority
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| php5 | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 14.04 LTS trusty |
Needs evaluation
|
|
| php7.0 | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 16.04 LTS xenial |
Needs evaluation
|
|
| php7.2 | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Needs evaluation
|
|
| php7.4 | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal |
Fixed 7.4.3-4ubuntu2.24
|
|
| php8.1 | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy |
Fixed 8.1.2-1ubuntu2.19
|
|
| 20.04 LTS focal | Not in release | |
| php8.3 | 24.04 LTS noble |
Fixed 8.3.6-0ubuntu0.24.04.2
|
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release |
References
Related Ubuntu Security Notices (USN)
- USN-7049-1
- PHP vulnerabilities
- 1 October 2024