CVE-2022-31625

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31625

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31625.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-31625

Aliases

Downstream

DEBIAN-CVE-2022-31625

DLA-3243-1

DSA-5179-1

OESA-2022-1721

RHSA-2022:5491

RHSA-2022:6158

RHSA-2022:7624

RHSA-2022:8197

SUSE-SU-2022:2161-1

SUSE-SU-2022:2183-1

SUSE-SU-2022:2185-1

SUSE-SU-2022:2275-1

SUSE-SU-2022:2292-1

SUSE-SU-2022:2303-1

SUSE-SU-2022:3997-1

SUSE-SU-2022:4067-1

SUSE-SU-2022:4068-1

SUSE-SU-2022:4069-1

UBUNTU-CVE-2022-31625

USN-5479-1

USN-5479-2

USN-5479-3

openSUSE-SU-2024:13267-1

Related

Published

2022-06-16T06:15:08Z

Modified

2025-08-11T14:44:38.539304Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

3c7824e16ec4c3cee417262445d2c2b66531c10f

Fixed

c94d7983d35736b710bf0689c5cb78d0396984d9