Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-31626

Опубликовано: 16 июн. 2022
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 6
CVSS3: 7.5

Описание

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

needed

esm-infra/focal

DNE

focal

DNE

impish

DNE

jammy

DNE

kinetic

DNE

lunar

DNE

mantic

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

esm-infra/xenial

released

7.0.33-0ubuntu0.16.04.16+esm4
focal

DNE

impish

DNE

jammy

DNE

kinetic

DNE

lunar

DNE

Показывать по

РелизСтатусПримечание
bionic

released

7.2.24-0ubuntu0.18.04.12
devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

7.2.24-0ubuntu0.18.04.12
esm-infra/focal

DNE

focal

DNE

impish

DNE

jammy

DNE

kinetic

DNE

lunar

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

not-affected

7.4.3-4ubuntu2.12
focal

released

7.4.3-4ubuntu2.12
impish

DNE

jammy

DNE

kinetic

DNE

lunar

DNE

mantic

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

impish

released

8.0.8-1ubuntu0.4
jammy

DNE

kinetic

DNE

lunar

DNE

mantic

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

impish

DNE

jammy

released

8.1.2-1ubuntu2.1
kinetic

released

8.1.5-1ubuntu2
lunar

released

8.1.5-1ubuntu2
mantic

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 94%
0.14525
Средний

6 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2022-31626

CVSS3: 8.8
redhat
около 3 лет назад

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.

nvd логотип

CVE-2022-31626

CVSS3: 7.5
nvd
около 3 лет назад

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.

debian логотип

CVE-2022-31626

CVSS3: 7.5
debian
около 3 лет назад

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ...

rocky логотип

RLSA-2022:5468

rocky
почти 3 года назад

Important: php:8.0 security update

rocky логотип

RLSA-2022:5467

rocky
почти 3 года назад

Important: php:7.4 security update

EPSS

Процентиль: 94%
0.14525
Средний

6 Medium

CVSS2

7.5 High

CVSS3

Уязвимость CVE-2022-31626