DEBIAN-CVE-2022-31625
Advisory lineage Upstream: 1 Downstream: 2
Upstream
Downstream
Published: 16 Jun 2022, 06:15
Last modified:28 Apr 2026, 20:24
Vulnerability Summary
Overall Risk (default)
medium
32/100 CVSS Score
8.1 HIGH
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
16 Jun 2022, 06:15
Published
Vulnerability first disclosed
28 Apr 2026, 20:24
Last Modified
Vulnerability information updated
Description
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
CVSS Metrics
- v3.1•HIGH•Score: 8.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Systems
- debian•php7.4
< 7.4.30-1+deb11u1