CVE-2022-31625

Description

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using the Postgres database extension, supplying invalid parameters to a parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to remote code execution (RCE) or denial of service.

Risk Information

Base Score: 8.1 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.766

Associated Vulnerability

Vulnerability | OS Platform
HTML-embedded scripting language interpreter (USN-5479-1) php7.2-mysql_7.2.24-0ubuntu0.18.04.12_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5479-1) php7.2-mysql_7.2.24-0ubuntu0.18.04.12_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-5479-1) php7.4-mysql_7.4.3-4ubuntu2.12_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5479-1) php7.4-mysql_7.4.3-4ubuntu2.12_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-5479-1) php7.4-pgsql_7.4.3-4ubuntu2.12_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5479-1) php7.4-pgsql_7.4.3-4ubuntu2.12_amd64.deb | Linux
php7.4 security update (DSA-5179-1) php7.4_7.4.30-1+deb11u1_all.deb | Linux
(RHSA-2022:6158) php:7.4 security update php-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-bcmath-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-cli-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-common-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-dba-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-dbg-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-debugsource-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-devel-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-embedded-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-enchant-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-ffi-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-fpm-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-gd-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-gmp-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-intl-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-json-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-ldap-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-mbstring-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-mysqlnd-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-odbc-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-opcache-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-pdo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-pgsql-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-process-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-snmp-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-soap-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-xml-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
(RHSA-2022:6158) php:7.4 security update php-xmlrpc-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm | Linux
Apcu-panel update (ELSA-2022-6158) apcu-panel-5.1.18-1.module+el8.3.0+7685+72d70b58.noarch.rpm | Linux
Libzip update (ELSA-2022-6158) libzip-1.6.1-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux
Libzip-devel update (ELSA-2022-6158) libzip-devel-1.6.1-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux
Libzip-tools update (ELSA-2022-6158) libzip-tools-1.6.1-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux
Php update (ELSA-2022-6158) php-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-bcmath update (ELSA-2022-6158) php-bcmath-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-cli update (ELSA-2022-6158) php-cli-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-common update (ELSA-2022-6158) php-common-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-dba update (ELSA-2022-6158) php-dba-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-dbg update (ELSA-2022-6158) php-dbg-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-devel update (ELSA-2022-6158) php-devel-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-embedded update (ELSA-2022-6158) php-embedded-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-enchant update (ELSA-2022-6158) php-enchant-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-ffi update (ELSA-2022-6158) php-ffi-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-fpm update (ELSA-2022-6158) php-fpm-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-gd update (ELSA-2022-6158) php-gd-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-gmp update (ELSA-2022-6158) php-gmp-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-intl update (ELSA-2022-6158) php-intl-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-json update (ELSA-2022-6158) php-json-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-ldap update (ELSA-2022-6158) php-ldap-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-mbstring update (ELSA-2022-6158) php-mbstring-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-mysqlnd update (ELSA-2022-6158) php-mysqlnd-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-odbc update (ELSA-2022-6158) php-odbc-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-opcache update (ELSA-2022-6158) php-opcache-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-pdo update (ELSA-2022-6158) php-pdo-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-pear update (ELSA-2022-6158) php-pear-1.10.12-1.module+el8.3.0+7685+72d70b58.noarch.rpm | Linux
Php-pecl-apcu update (ELSA-2022-6158) php-pecl-apcu-5.1.18-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux
Php-pecl-apcu-devel update (ELSA-2022-6158) php-pecl-apcu-devel-5.1.18-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux
Php-pecl-rrd update (ELSA-2022-6158) php-pecl-rrd-2.0.1-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux
Php-pecl-xdebug update (ELSA-2022-6158) php-pecl-xdebug-2.9.5-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux
Php-pecl-zip update (ELSA-2022-6158) php-pecl-zip-1.18.2-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux
Php-pgsql update (ELSA-2022-6158) php-pgsql-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-process update (ELSA-2022-6158) php-process-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-snmp update (ELSA-2022-6158) php-snmp-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-soap update (ELSA-2022-6158) php-soap-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-xml update (ELSA-2022-6158) php-xml-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
Php-xmlrpc update (ELSA-2022-6158) php-xmlrpc-7.4.19-4.module+el8.6.0+20726+4425c569.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-bcmath-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-cli-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-common-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-dba-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-dbg-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-debugsource-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-devel-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-embedded-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-enchant-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-ffi-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-fpm-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-gd-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-gmp-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-intl-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-ldap-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-mbstring-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-mysqlnd-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-odbc-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-opcache-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-pdo-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-pgsql-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-process-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-snmp-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-soap-8.0.20-3.el9.x86_64.rpm | Linux
(RHSA-2022:8197) php security, bug fix, and enhancement update php-xml-8.0.20-3.el9.x86_64.rpm | Linux
HTML-embedded scripting language interpreter (USN-5479-3) php7.2-pgsql_7.2.24-0ubuntu0.18.04.13_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5479-3) php7.2-pgsql_7.2.24-0ubuntu0.18.04.13_amd64.deb | Linux
Release of Invalid Pointer or Reference Vulnerability (CVE-2022-31625) | NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234