CVE-2022-31625

Summary

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

Affected Software

VendorProductVersion RangeStatus
PHP GroupPHP7.4.X < 7.4.30affected
PHP GroupPHP8.0.X < 8.0.20affected
PHP GroupPHP8.1.X < 8.1.7affected

Weaknesses

  • CWE-590: CWE-590 Free of Memory not on the Heap
  • CWE-824: CWE-824 Access of Uninitialized Pointer

ADP Enrichment

CVE Program Container

Additional References

References