Description
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when the pdo_mysql extension is used with the mysqlnd driver and a third party is allowed to supply both the host to connect to and the password for the connection, a password of excessive length can trigger a buffer overflow in PHP, which can lead to remote code execution.
Remediation
References