exploitDog

CVE-2025-1735

Published: 05 Jul 2025
Source: redhat
CVSS3: 5.9

Description

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.

A flaw was found in PHP. Missing error checking could result in SQL injection, and missing error handling could lead to crashes due to null pointer dereferences.

Mitigation

Currently, no mitigation is available for this vulnerability.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 10 | php | Fix deferred | | |
| Red Hat Enterprise Linux 6 | php | Fix deferred | | |
| Red Hat Enterprise Linux 7 | php | Fix deferred | | |
| Red Hat Enterprise Linux 8 | php:7.4/php | Fix deferred | | |
| Red Hat Enterprise Linux 8 | php:8.2/php | Fix deferred | | |
| Red Hat Enterprise Linux 9 | php | Fix deferred | | |
| Red Hat Enterprise Linux 9 | php:8.2/php | Fix deferred | | |
| Red Hat Enterprise Linux 9 | php:8.3/php | Fix deferred | | |

Additional information

Status: Moderate
Defect: CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2378689 php: pgsql extension does not check for errors during escaping

5.9 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.9
ubuntu
21 days ago

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.

CVSS3: 5.9
nvd
21 days ago

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.

CVSS3: 5.9
debian
21 days ago

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before ...

github
about 1 month ago

pgsql extension does not check for errors during escaping

5.9 Medium

CVSS3