CVE-2022-31625
Published: 13 June 2022
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
Priority
CVSS 3 base score: 8.1
Status
Package | Release | Status |
---|---|---|
php5 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Needs triage
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
php7.0 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Released
(7.0.33-0ubuntu0.16.04.16+esm4)
|
|
php7.2 Launchpad, Ubuntu, Debian |
bionic |
Released
(7.2.24-0ubuntu0.18.04.12)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
php7.4 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Released
(7.4.3-4ubuntu2.12)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(7.4.30)
|
|
xenial |
Does not exist
|
|
Patches: upstream: https://github.com/php/php-src/commit/55f6895f4b4c677272fd4ee1113acdbd99c4b5ab |
||
php8.0 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
impish |
Released
(8.0.8-1ubuntu0.4)
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(8.0.20)
|
|
xenial |
Does not exist
|
|
php8.1 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Released
(8.1.2-1ubuntu2.1)
|
|
kinetic |
Released
(8.1.5-1ubuntu2)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(8.1.7)
|
|
xenial |
Does not exist
|