exploitDog

RLSA-2022:6158

Published: 24 Aug 2022
Source: rocky
Severity: Moderate

Description

Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

  • php: uninitialized array in pg_query_params() leading to RCE (CVE-2022-31625)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
| --- | --- | --- | --- |
| apcu-panel | noarch | 1.module+el8.6.0+789+2130c178 | apcu-panel-5.1.18-1.module+el8.6.0+789+2130c178.noarch.rpm |
| libzip | x86_64 | 1.module+el8.6.0+789+2130c178 | libzip-1.6.1-1.module+el8.6.0+789+2130c178.x86_64.rpm |
| libzip-devel | x86_64 | 1.module+el8.6.0+789+2130c178 | libzip-devel-1.6.1-1.module+el8.6.0+789+2130c178.x86_64.rpm |
| libzip-tools | x86_64 | 1.module+el8.6.0+789+2130c178 | libzip-tools-1.6.1-1.module+el8.6.0+789+2130c178.x86_64.rpm |
| php-pecl-apcu | x86_64 | 1.module+el8.6.0+789+2130c178 | php-pecl-apcu-5.1.18-1.module+el8.6.0+789+2130c178.x86_64.rpm |
| php-pecl-apcu-devel | x86_64 | 1.module+el8.6.0+789+2130c178 | php-pecl-apcu-devel-5.1.18-1.module+el8.6.0+789+2130c178.x86_64.rpm |
| php-pecl-rrd | x86_64 | 1.module+el8.4.0+414+2e7afcdd | php-pecl-rrd-2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm |
| php-pecl-xdebug | x86_64 | 1.module+el8.4.0+415+e936cba3 | php-pecl-xdebug-2.9.5-1.module+el8.4.0+415+e936cba3.x86_64.rpm |
| php-pecl-zip | x86_64 | 1.module+el8.6.0+789+2130c178 | php-pecl-zip-1.18.2-1.module+el8.6.0+789+2130c178.x86_64.rpm |

Related vulnerabilities

CVSS3: 8.1
ubuntu
about 3 years ago

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

CVSS3: 7
redhat
about 3 years ago

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

CVSS3: 8.1
nvd
about 3 years ago

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

CVSS3: 8.1
debian
about 3 years ago

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ...

CVSS3: 9.8
github
about 3 years ago

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.