CVE-2022-31625
Summary
| CVE | CVE-2022-31625 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-06-16 06:15:00 UTC |
| Updated | 2023-11-07 03:47:00 UTC |
| Description | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using the Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to an RCE vulnerability or denial of service. |
Risk And Classification
Problem Types: CWE-763
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Application | Php | Php | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| PHP: Multiple Vulnerabilities (GLSA 202209-20) — Gentoo security | GENTOO | security.gentoo.org | |
| PHP :: Sec Bug #81720 :: Uninitialized array in pg_query_params() leading to RCE | MISC | bugs.php.net | |
| July 2022 PHP Vulnerabilities in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| [SECURITY] Fedora 36 Update: php-8.1.7-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Debian -- Security Information -- DSA-5179-1 php7.4 | DEBIAN | www.debian.org | |
| [SECURITY] Fedora 36 Update: php-8.1.7-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: php-8.0.20-1.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: php-8.0.20-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] [DLA 3243-1] php7.3 security update | MLIST | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: c dot fol at ambionics dot io
Legacy QID Mappings
- 150542 PHP Multiple Remote Code Execution Vulnerabilities (CVE-2022-31626,CVE-2022-31625)
- 160066 Oracle Enterprise Linux Security Update for php:7.4 (ELSA-2022-6158)
- 160246 Oracle Enterprise Linux Security Update for php:8.0 (ELSA-2022-7624)
- 160289 Oracle Enterprise Linux Security Update for Hypertext Preprocessor (PHP) (ELSA-2022-8197)
- 180815 Debian Security Update for php7.4 (DSA 5179-1)
- 181332 Debian Security Update for php7.3 (DLA 3243-1)
- 198831 Ubuntu Security Notification for Hypertext Preprocessor (PHP) Vulnerabilities (USN-5479-1)
- 240535 Red Hat Update for rh-php73-php (RHSA-2022:5491)
- 240623 Red Hat Update for php:7.4 (RHSA-2022:6158)
- 240853 Red Hat Update for php:8.0 security (RHSA-2022:7624)
- 240866 Red Hat Update for Hypertext Preprocessor (PHP) security (RHSA-2022:8197)
- 282833 Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2022-f3fc52428e)
- 282834 Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2022-0a96e5b9b1)
- 296084 Oracle Solaris 11.4 Support Repository Update (SRU) 50.126.3 Missing (CPUOCT2022)
- 356076 Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.0-2023-006
- 356087 Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.0-2023-006
- 356771 Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALAS2-2023-2375
- 377358 Alibaba Cloud Linux Security Update for php:7.4 (ALINUX3-SA-2022:0157)
- 38872 Multiple Vulnerabilities in Hypertext Preprocessor (PHP)
- 38883 Hypertext Preprocessor (PHP) Multiple Security Vulnerabilities (81719, 81720)
- 502333 Alpine Linux Security Update for php81
- 502516 Alpine Linux Security Update for php7
- 502517 Alpine Linux Security Update for php8
- 502567 Alpine Linux Security Update for php7
- 502574 Alpine Linux Security Update for php8
- 502912 Alpine Linux Security Update for php81
- 503680 Alpine Linux Security Update for php8
- 505791 Alpine Linux Security Update for php81
- 672018 EulerOS Security Update for Hypertext Preprocessor (PHP) (EulerOS-SA-2022-2229)
- 710633 Gentoo Linux Hypertext Preprocessor (PHP) Multiple Vulnerabilities (GLSA 202209-20)
- 752263 SUSE Enterprise Linux Security Update for php74 (SUSE-SU-2022:2161-1)
- 752270 SUSE Enterprise Linux Security Update for php72 (SUSE-SU-2022:2183-1)
- 752271 SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:2185-1)
- 752289 SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:2275-1)
- 752863 SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:3997-1)
- 752878 SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:4067-1)
- 752898 SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:4069-1)
- 752901 SUSE Enterprise Linux Security Update for php74 (SUSE-SU-2022:4068-1)
- 753278 SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:2292-1)
- 753350 SUSE Enterprise Linux Security Update for php8 (SUSE-SU-2022:2303-1)
- 902355 Common Base Linux Mariner (CBL-Mariner) Security Update for Hypertext Preprocessor (PHP) (9943)
- 940643 AlmaLinux Security Update for php:7.4 (ALSA-2022:6158)
- 940757 AlmaLinux Security Update for php:8.0 (ALSA-2022:7624)
- 940810 AlmaLinux Security Update for Hypertext Preprocessor (PHP) (ALSA-2022:8197)
- 960326 Rocky Linux Security Update for php:7.4 (RLSA-2022:6158)
- 960472 Rocky Linux Security Update for Hypertext Preprocessor (PHP) (RLSA-2022:8197)