8.1

CVE-2022-31625

Exploit

Freeing unallocated memory in php_pgsql_free_params()

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version >= 7.4.0 < 7.4.30
PhpPhp Version >= 8.0.0 < 8.0.20
PhpPhp Version >= 8.1.0 < 8.1.7
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.44% 0.874
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
security@php.net 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-590 Free of Memory not on the Heap

The product calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc().

CWE-763 Release of Invalid Pointer or Reference

The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.

CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.

https://security.gentoo.org/glsa/202209-20
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html
Third Party Advisory
Mailing List
https://bugs.php.net/bug.php?id=81720
Patch
Vendor Advisory
Exploit
Mailing List
Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/
https://security.netapp.com/advisory/ntap-20220722-0005/
Third Party Advisory
https://www.debian.org/security/2022/dsa-5179
Third Party Advisory