CVE-2024-8932
OOB access in ldap_escapeIn PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
We have discovered 319,905 live websites that are affected by CVE-2024-8932.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Domains | 319,905 live websites (4.19% of PHP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 71 versions ( 14% of all versions) |
Common Weakness Enumeration
CWE-787 Out-of-bounds WriteDetails
- Published - Nov 22, 2024
- Updated - Nov 3, 2025
Credits
- Yiheng Cao (reporter)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-8932 United States | 72,951 websites |
 France | 81,872 websites |
 Sweden | 18,229 websites |
 Russia | 17,658 websites |
 Netherlands | 13,144 websites |
 Germany | 12,568 websites |
 Brazil | 10,676 websites |
 Australia | 8,824 websites |
 GB | 7,237 websites |
 Italy | 6,423 websites |
Website Distribution by TLD
Number of websites using CVE-2024-8932| .com | 115,183 websites |
| .fr | 33,543 websites |
| .ru | 15,152 websites |
| .org | 14,590 websites |
| .se | 12,638 websites |
| .nl | 11,436 websites |
| .com.br | 9,381 websites |
| .net | 9,320 websites |
| .com.au | 6,143 websites |
| .de | 6,088 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-8932
Top websites that are affected by CVE-2024-8932. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****************.com | United States | *,*** | |
| ********.********.it | Italy | *,*** | |
| ****.*****.com | United States | *,*** | |
| *******.com | Germany | *,*** | |
| ******.com | United States | *,*** | |
| ******.com | United States | *,*** | |
| ***.com | Germany | *,*** | |
| *****.com |  Japan | *,*** | |
| ***********************.com | United States | *,*** | |
| **********.edu | United States | *,*** |
FAQ
CVE-2024-8932 is Out-of-bounds Write in PHP
A total of 319,905 websites have been identified as vulnerable to CVE-2024-8932, based on global website indexing conducted by WebTechSurvey.
The PHP is affected by the CVE-2024-8932 vulnerability.
PHP versions up to 8.3.14 are vulnerable to CVE-2024-8932.
CVE-2024-8932 is resolved in version 8.3.14 of PHP.