CVE-2022-31625

Description

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

Related CPE's

aphpphp********

aphpphp********

aphpphp********

References

https://bugs.php.net/bug.php?id=81720

ExploitIssue TrackingMailing ListPatchVendor Advisory

FEDORA-2022-f3fc52428e

Mailing ListThird Party Advisory

FEDORA-2022-0a96e5b9b1

Mailing ListThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity

MEDIUM

ConfidentialityImpact

PARTIAL

AvailabilityImpact

PARTIAL

IntegrityImpact

PARTIAL

BaseScore

6.800000190734863

VectorString

AV:N/AC:M/Au:N/C:P/I:P/A:P

Version

2.0

AccessVector

NETWORK

Authentication

NONE

Created by Yello
About Severity.io