CVE-2022-31626

Description

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.

CVSS Metrics

• v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
• v3.1•HIGH•Score: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
• v2.0•MEDIUM•Score: 6AV:N/AC:M/Au:S/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 10.24%• Percentile: 93%

Techniques & Countermeasures

• CWE-120•Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

  The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Affected Systems

• debian•debian_linux

  10.0 | 11.0

• Unknown•PHP

  ≥ 7.4.X, < 7.4.30 | ≥ 8.0.X, < 8.0.20 | ≥ 8.1.X, < 8.1.7

• Unknown•PHP

  ≥ 7.4.0, < 7.4.30 | ≥ 8.0.0, < 8.0.20 | ≥ 8.1.0, < 8.1.7

References (7)

• https://bugs.php.net/bug.php?id=81719
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/
• https://www.debian.org/security/2022/dsa-5179
• https://security.netapp.com/advisory/ntap-20220722-0005/
• https://security.gentoo.org/glsa/202209-20
• https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html