Fluid Attacks Database

Description

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	php7.4	=7.4.21-1+deb11u1 \|\| =7.4.25-1+deb11u1 \|\| =7.4.26-1 \|\| =7.4.28-1+deb11u1 \|\| >=0 <7.4.30-1+deb11u1	7.4.30-1+deb11u1
rpm rhel8	php	<0:7.4.19-4.module+el8.6.0+16316+906f6c6d	0:7.4.19-4.module+el8.6.0+16316+906f6c6d
rpm rhel9	php	<0:8.0.20-3.el9	0:8.0.20-3.el9

Aliases

1. CVE-2022-316252. NVD-2022-316253. OSV-DEBIAN-2022-316254. OSV-2022-316255. SECURITY-TRACKER-CVE-2022-31625

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.