CVE-2022-31625
16.06.2022, 06:15
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.Enginsight
| Vendor | Product | Version |
|---|---|---|
| php | php | 7.4.0 ≤ 𝑥 < 7.4.30 |
| php | php | 8.0.0 ≤ 𝑥 < 8.0.20 |
| php | php | 8.1.0 ≤ 𝑥 < 8.1.7 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| php5 |
| ||||||||||||||||||||
| php7.0 |
| ||||||||||||||||||||
| php7.2 |
| ||||||||||||||||||||
| php7.4 |
| ||||||||||||||||||||
| php8.0 |
| ||||||||||||||||||||
| php8.1 |
|
Common Weakness Enumeration
- CWE-590 - Free of Memory not on the HeapThe application calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc().
- CWE-763 - Release of Invalid Pointer or ReferenceThe application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.
References