Описание
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.
A flaw was found in PHP. Missing error checking could result in SQL injection, and missing error handling could lead to crashes due to null pointer dereferences.
Меры по смягчению последствий
Currently, no mitigation is currently available for this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | php | Fix deferred | ||
| Red Hat Enterprise Linux 6 | php | Fix deferred | ||
| Red Hat Enterprise Linux 7 | php | Fix deferred | ||
| Red Hat Enterprise Linux 8 | php:7.4/php | Fix deferred | ||
| Red Hat Enterprise Linux 8 | php:8.2/php | Fix deferred | ||
| Red Hat Enterprise Linux 9 | php | Fix deferred | ||
| Red Hat Enterprise Linux 9 | php:8.2/php | Fix deferred | ||
| Red Hat Enterprise Linux 9 | php:8.3/php | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
Связанные уязвимости
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before ...
EPSS
5.9 Medium
CVSS3