Description

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

Remediation

References

CVE-2022-31625

Related Vulnerabilities

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4421)

TYPO3 CVE-2023-38499 Vulnerability (CVE-2023-38499)

WordPress Plugin Cart66 Lite::WordPress Ecommerce Multiple Vulnerabilities (1.5.3)

Ruby on Rails Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2006-4111)

WordPress Plugin WP Job Manager Privilege Escalation (1.34.4)

Severity

High

Classification

CVE-2022-31625 CWE-763 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities