Description

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

Remediation

References

CVE-2022-31625

Related Vulnerabilities

PHP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-21706)

Moodle Incorrect Default Permissions Vulnerability (CVE-2012-1157)

Python Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-0718)

WordPress Plugin AJAX Post Search 'srch_txt' Parameter SQL Injection (1.2)

MODX Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9071)

Severity

High

Classification

CVE-2022-31625 CWE-763 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities