Published: 16/06/2022 Updated: 07/11/2023

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 535

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

A vulnerability was found in PHP due to an uninitialized array in pg_query_params() function. When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory, using uninitialized data as pointers. This flaw allows a remote attacker with the ability to control query parameters to execute arbitrary code on the system or may cause a denial of service. (CVE-2022-31625) A buffer overflow vulnerability was found in PHP when processing passwords in mysqlnd/pdo in mysqlnd_wireprotocol.c. When using the pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply a password to the host for the connection, a password of excessive length can trigger a buffer overflow in PHP. This flaw allows a remote malicious user to pass a password (with an excessive length) via PDO to the MySQL server, triggering arbitrary code execution on the target system. (CVE-2022-31626)

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php
debian debian linux 10.0
debian debian linux 11.0

Debian Bug report logs - #1014533 php81: CVE-2022-31625 CVE-2022-31626 Package: src:php81; Maintainer for src:php81 is Debian PHP Maintainers <team+pkg-php@trackerdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Thu, 7 Jul 2022 15:45:09 UTC Severity: important Tags: security Fixed in version ...

Charles Fol discovered two security issues in PHP, a widely-used open source general purpose scripting language which could result an denial of service or potentially the execution of arbitrary code: CVE-2022-31625 Incorrect memory handling in the pg_query_params() function CVE-2022-31626 A buffer overflow in the mysqld extension For th ...

Several security issues were fixed in PHP ...

USN-5479-1 was incomplete and didn’t properly fix one of the addressed issues ...

Synopsis Important: rh-php73-php security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for rh-php73-php is now available for Red Hat Software CollectionsRed Hat Product Security has rated ...

Synopsis Important: php:74 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the php:74 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update a ...

Synopsis Important: php:74 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the php:74 module is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Securi ...

Synopsis Important: php:80 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the php:80 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update a ...

Synopsis Important: php security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for php is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a security ...

A vulnerability was found in PHP due to an uninitialized array in pg_query_params() function When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory, using uninitialized data as pointers This flaw allows a remote attacker with the ability to control query parame ...

Severity Unknown Remote Unknown Type Unknown Description AVG-2767 php7 7429-1 7430-1 Unknown Vulnerable AVG-2768 php 816-2 817-1 Unknown Fixed ...

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS ...

PHP binary bugs advisory

Advisory of Exploits AI POP Builder Collection of PHP binary bugs advisory Unfixed GMP Type confusion in unserialize Idea: bypass delayed __wakeup and exploit unfixed GMP type confusion bug in PHP <= 5640 POC source: GMP_type_conf_POCphp Advisory CVE-2022-31626 analysis Idea: heap buffer overflow in mysqlnd, PHP <= 7429 POC source: /cve_2022_31626_remote_exp

CVE-2022-31626

CWE-120 https://bugs.php.net/bug.php?id=81719 https://www.debian.org/security/2022/dsa-5179 https://security.netapp.com/advisory/ntap-20220722-0005/https://security.gentoo.org/glsa/202209-20 https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014533 https://nvd.nist.gov https://ubuntu.com/security/notices/USN-5479-1 https://www.debian.org/security/2022/dsa-5179 https://alas.aws.amazon.com/AL2/ALASPHP8.0-2023-006.html

Get Started

CVE-2022-31626

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect