In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
References
Link | Resource |
---|---|
https://bugs.php.net/bug.php?id=81720 | Exploit Issue Tracking Mailing List Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/ | |
https://security.gentoo.org/glsa/202209-20 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220722-0005/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5179 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: php
Published: 2022-06-06T00:00:00
Updated: 2022-12-15T00:00:00
Reserved: 2022-05-25T00:00:00
Link: CVE-2022-31625
JSON object: View
NVD Information
Status : Modified
Published: 2022-06-16T06:15:08.623
Modified: 2023-11-07T03:47:39.820
Link: CVE-2022-31625
JSON object: View
Redhat Information
No data.