发布时间: 2024年10月12日
修改时间: 2024年10月12日
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | None |
| Attack Vector | Local | Local |
| CVSS评分 | 3.3 | 3.3 |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| Scope | Unchanged | Unchanged |
| Integrity | Low | Low |
| User Interaction | None | None |
| Availability | None | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-4097 | php security update | 2025年2月8日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5 | php | Fixed |
| KY3.5.2 | php | Fixed |
| KY3.5.3 | php | Fixed |
| V6 | php | Fixed |
