BIT-php-2022-31625

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/php/BIT-php-2022-31625.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-php-2022-31625

Aliases

CVE-2022-31625

Published

2024-03-06T11:04:24.882Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

References

https://bugs.php.net/bug.php?id=81720
https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/
https://security.gentoo.org/glsa/202209-20
https://security.netapp.com/advisory/ntap-20220722-0005/
https://www.debian.org/security/2022/dsa-5179

Affected packages

Bitnami / php

Package

Name: php
Purl: pkg:bitnami/php

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

7.4.0

Fixed

7.4.30

Introduced

8.0.0

Fixed

8.0.20

Introduced

8.1.0

Fixed

8.1.7