Описание
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
A buffer overflow vulnerability was found in PHP when processing passwords in mysqlnd/pdo in mysqlnd_wireprotocol.c. When using the pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply a MySQL database server password in the mysqlnd driver to the host for the connection, a password of excessive length can trigger a buffer overflow in PHP. This flaw allows a remote attacker to pass a password (with an excessive length) via PDO to the MySQL server, triggering arbitrary code execution on the target system.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | php | Not affected | ||
| Red Hat Enterprise Linux 7 | php | Not affected | ||
| Red Hat Enterprise Linux 8 | php | Fixed | RHSA-2022:5467 | 30.06.2022 |
| Red Hat Enterprise Linux 8 | php | Fixed | RHSA-2022:5468 | 30.06.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | php | Fixed | RHSA-2022:5471 | 30.06.2022 |
| Red Hat Enterprise Linux 9 | php | Fixed | RHSA-2022:5904 | 04.08.2022 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-php73-php | Fixed | RHSA-2022:5491 | 04.07.2022 |
Показывать по
Дополнительная информация
Статус:
8.8 High
CVSS3
Связанные уязвимости
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ...
8.8 High
CVSS3