Vulnerability Details : CVE-2022-31625
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
Vulnerability category: Denial of service
Threat overview for CVE-2022-31625
Top countries where our scanners detected CVE-2022-31625
Top open port discovered on systems with this issue
80
IPs affected by CVE-2022-31625 168,450
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2022-31625!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2022-31625
Probability of exploitation activity in the next 30 days: 0.22%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 61 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-31625
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
nvd@nist.gov |
|
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
nvd@nist.gov |
|
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
security@php.net |
CWE ids for CVE-2022-31625
-
The product calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc().Assigned by: security@php.net (Secondary)
-
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.Assigned by: nvd@nist.gov (Primary)
-
The product accesses or uses a pointer that has not been initialized.Assigned by: security@php.net (Secondary)
References for CVE-2022-31625
-
https://security.gentoo.org/glsa/202209-20
PHP: Multiple Vulnerabilities (GLSA 202209-20) — Gentoo securityThird Party Advisory
-
https://bugs.php.net/bug.php?id=81720
PHP :: Sec Bug #81720 :: Uninitialized array in pg_query_params() leading to RCEExploit;Issue Tracking;Mailing List;Patch;Vendor Advisory
-
https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html
[SECURITY] [DLA 3243-1] php7.3 security updateMailing List;Third Party Advisory
-
https://www.debian.org/security/2022/dsa-5179
Debian -- Security Information -- DSA-5179-1 php7.4Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/
[SECURITY] Fedora 35 Update: php-8.0.20-1.fc35 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20220722-0005/
July 2022 PHP Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/
[SECURITY] Fedora 36 Update: php-8.1.7-1.fc36 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
Products affected by CVE-2022-31625
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*