CVE-2022-31625
Vulnerability Summary
Description
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using the Postgres database extension, supplying invalid parameters to a parameterized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to remote code execution (RCE) or denial of service.
CVSS Metrics
- v3.1•HIGH•Score: 8.1•CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- v2.0•MEDIUM•Score: 6.8•AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 1.48%•Percentile: 81%
Techniques & Countermeasures
- CWE-763•Release of Invalid Pointer or Reference
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.
- CWE-590•Free of Memory not on the Heap
The product calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc().
- CWE-824•Access of Uninitialized Pointer
The product accesses or uses a pointer that has not been initialized.
Affected Systems
- debian•debian_linux
10.0 | 11.0
- Unknown•PHP
≥ 7.4.X, < 7.4.30 | ≥ 8.0.X, < 8.0.20 | ≥ 8.1.X, < 8.1.7
- Unknown•PHP
≥ 7.4.0, < 7.4.30 | ≥ 8.0.0, < 8.0.20 | ≥ 8.1.0, < 8.1.7
References (7)
- https://bugs.php.net/bug.php?id=81720
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/
- https://www.debian.org/security/2022/dsa-5179
- https://security.netapp.com/advisory/ntap-20220722-0005/
- https://security.gentoo.org/glsa/202209-20
- https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html