Unrated severityNVD Advisory· Published Jun 16, 2022· Updated Sep 16, 2024

Freeing unallocated memory in php_pgsql_free_params()

CVE-2022-31625

Description

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

Affected products

Php Group/PHPv5
Range: 7.4.X

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/mitrevendor-advisory
security.gentoo.org/glsa/202209-20mitrevendor-advisory
www.debian.org/security/2022/dsa-5179mitrevendor-advisory
lists.debian.org/debian-lts-announce/2022/12/msg00030.htmlmitremailing-list
bugs.php.net/bug.phpmitre
security.netapp.com/advisory/ntap-20220722-0005/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000