A vulnerability was found in PHP due to an uninitialized array in the pg_query_params() function. When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory using uninitialized data as pointers. This flaw allows a remote attacker with the ability to control query parameters to execute arbitrary code on the system or cause a denial of service. (CVE-2022-31625)

A buffer overflow vulnerability was found in PHP when processing passwords in mysqlnd/pdo in mysqlnd_wireprotocol.c. When using the pdo_mysql extension with the mysqlnd driver, if a third party is allowed to supply a password to the host for the connection, a password of excessive length can trigger a buffer overflow in PHP. This flaw allows a remote malicious user to pass a password (with an excessive length) via PDO to the MySQL server, triggering arbitrary code execution on the target system. (CVE-2022-31626)

Vulnerable Product |
---|
php php |
debian debian linux 10.0 |
debian debian linux 11.0 |