Описание
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.
A flaw was found in PHP. When the PDO (PHP Data Objects) PostgreSQL driver is configured with PDO::ATTR_EMULATE_PREPARES enabled, a remote attacker can exploit a vulnerability by providing an invalid character sequence within a prepared statement parameter. This can cause a null pointer dereference, leading to a server crash. The primary impact is a Denial of Service (DoS), affecting the availability of the target server.
Отчет
This vulnerability is rated Important for Red Hat because it can lead to a Denial of Service in PHP applications utilizing the PDO PostgreSQL driver. Exploitation requires the PDO::ATTR_EMULATE_PREPARES option to be explicitly enabled, allowing a remote attacker to crash the server by providing a specially crafted invalid character sequence in a prepared statement parameter.
Меры по смягчению последствий
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | php8.4 | Affected | ||
| Red Hat Enterprise Linux 6 | php | Out of support scope | ||
| Red Hat Enterprise Linux 7 | php | Not affected | ||
| Red Hat Enterprise Linux 8 | php:7.4/php | Not affected | ||
| Red Hat Enterprise Linux 9 | php | Not affected | ||
| Red Hat OpenShift Dev Spaces | devspaces/code-rhel9 | Not affected | ||
| Red Hat OpenShift Dev Spaces | devspaces-tech-preview/idea-rhel9 | Will not fix | ||
| Red Hat Enterprise Linux 10 | php | Fixed | RHSA-2026:1628 | 02.02.2026 |
| Red Hat Enterprise Linux 10.0 Extended Update Support | php | Fixed | RHSA-2026:1185 | 26.01.2026 |
| Red Hat Enterprise Linux 8 | php | Fixed | RHSA-2026:1412 | 27.01.2026 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before ...
EPSS
7.5 High
CVSS3