{
  "threat_severity" : "Low",
  "public_date" : "2024-10-08T04:15:11Z",
  "bugzilla" : {
    "description" : "php: PHP-FPM Log Manipulation Vulnerability",
    "id" : "2317144",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2317144"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "(CWE-117|CWE-158)",
  "details" : [ "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.", "A flaw was found in PHP-FPM, the FastCGI Process Manager. This vulnerability can allow an attacker to manipulate or remove up to 4 characters from log messages via crafted log content, potentially polluting or altering the final log. If PHP-FPM is configured to use syslog output, further log data manipulation is possible via the same vector." ],
  "statement" : "This vulnerability only affects configurations with the `catch_workers_output` directive enabled or set to yes in the configuration file. This option is disabled by default.\nAdditionally, if the `error_log` directive is set to `syslog`, the logs are being sent to syslogd instead of a regular file, allowing further log data manipulation.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10951",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "php:8.2-8100020241112130045.f7998665"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10952",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "php:7.4-8100020241113075828.f7998665"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10949",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "php:8.2-9050020241112094217.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10950",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "php:8.1-9050020241112144108.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:7315",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "php-0:8.0.30-2.el9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "php:8.0/php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-9026\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-9026\nhttps://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5" ],
  "name" : "CVE-2024-9026",
  "csaw" : false
}