{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-31625", "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "assignerShortName": "php", "datePublished": "2022-06-16T05:45:15.228019Z", "dateUpdated": "2024-09-16T18:35:01.122Z", "dateReserved": "2022-05-25T00:00:00"}, "containers": {"cna": {"title": "Freeing unallocated memory in php_pgsql_free_params()", "datePublic": "2022-06-06T00:00:00", "providerMetadata": {"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php", "dateUpdated": "2022-12-15T00:00:00"}, "descriptions": [{"lang": "en", "value": "In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service."}], "affected": [{"vendor": "PHP Group", "product": "PHP", "versions": [{"version": "7.4.X", "status": "affected", "lessThan": "7.4.30", "versionType": "custom"}, {"version": "8.0.X", "status": "affected", "lessThan": "8.0.20", "versionType": "custom"}, {"version": "8.1.X", "status": "affected", "lessThan": "8.1.7", "versionType": "custom"}]}], "references": [{"url": "https://bugs.php.net/bug.php?id=81720"}, {"name": "FEDORA-2022-0a96e5b9b1", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/"}, {"name": "FEDORA-2022-f3fc52428e", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/"}, {"name": "DSA-5179", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5179"}, {"url": "https://security.netapp.com/advisory/ntap-20220722-0005/"}, {"name": "GLSA-202209-20", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202209-20"}, {"name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html"}], "credits": [{"lang": "en", "value": "c dot fol at ambionics dot io"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-590 Free of Memory not on the Heap", "cweId": "CWE-590"}]}, {"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-824 Access of Uninitialized Pointer", "cweId": "CWE-824"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"defect": ["https://bugs.php.net/bug.php?id=81720"], "discovery": "EXTERNAL"}, "configurations": [{"lang": "en", "value": "pgsql extension enabled"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:26:00.936Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugs.php.net/bug.php?id=81720", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-0a96e5b9b1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/"}, {"name": "FEDORA-2022-f3fc52428e", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/"}, {"name": "DSA-5179", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5179"}, {"url": "https://security.netapp.com/advisory/ntap-20220722-0005/", "tags": ["x_transferred"]}, {"name": "GLSA-202209-20", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202209-20"}, {"name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "978FBB35-7734-45B2-9400-25DF82F5D207", "versionEndExcluding": "7.4.30", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "5107CDF9-45B3-4553-B560-146921D77F9C", "versionEndExcluding": "8.0.20", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B060E29-B7F6-4C52-B958-F77218669AFF", "versionEndExcluding": "8.1.7", "versionStartIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service."}, {"lang": "es", "value": "En PHP versiones 7.4.x anteriores a 7.4.30, 8.0.x anteriores a 8.0.20 y 8.1.x anteriores a 8.1.7, cuando es usada la extensi\u00f3n de la base de datos Postgres, el suministro de par\u00e1metros no v\u00e1lidos a la consulta parametrizada puede conllevar que PHP intente liberar memoria usando datos no inicializados como punteros. Esto podr\u00eda conllevar a una vulnerabilidad RCE o una denegaci\u00f3n de servicio"}], "id": "CVE-2022-31625", "lastModified": "2023-11-07T03:47:39.820", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security@php.net", "type": "Secondary"}]}, "published": "2022-06-16T06:15:08.623", "references": [{"source": "security@php.net", "tags": ["Exploit", "Issue Tracking", "Mailing List", "Patch", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=81720"}, {"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html"}, {"source": "security@php.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/"}, {"source": "security@php.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202209-20"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220722-0005/"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5179"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-763"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-590"}, {"lang": "en", "value": "CWE-824"}], "source": "security@php.net", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:6158", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "php:7.4-8060020220811045407.5caa48ff", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-08-24T00:00:00Z"}, {"advisory": "RHSA-2022:7624", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "php:8.0-8070020220801083134.afd00e68", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-08T00:00:00Z"}, {"advisory": "RHSA-2022:8197", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "php-0:8.0.20-3.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:5491", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php73-php-0:7.3.33-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2022-07-04T00:00:00Z"}], "bugzilla": {"description": "php: Uninitialized array in pg_query_params() leading to RCE", "id": "2098521", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098521"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-824", "details": ["In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.", "A vulnerability was found in PHP due to an uninitialized array in pg_query_params() function. When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory, using uninitialized data as pointers. This flaw allows a remote attacker with the ability to control query parameters to execute arbitrary code on the system or may cause a denial of service."], "name": "CVE-2022-31625", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2022-05-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-31625\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-31625\nhttps://bugs.php.net/bug.php?id=81720"], "statement": "This CVE rated as moderate because attack complexity is high, and creating/supplying invalid parameters is complex while using a Postgres database extension.", "threat_severity": "Moderate", "upstream_fix": "php 7.4.30, php 8.0.20, php 8.1.7"}