admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2022/31xxx/CVE-2022-31625.json
CVE Team 05a35b52c0
"-Synchronized-Data."
2022-12-15 21:00:35 +00:00

151 lines
5.3 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2022-06-06T07:00:00.000Z",
"ID": "CVE-2022-31625",
"STATE": "PUBLIC",
"TITLE": "Freeing unallocated memory in php_pgsql_free_params()"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.4.X",
"version_value": "7.4.30"
},
{
"version_affected": "<",
"version_name": "8.0.X",
"version_value": "8.0.20"
},
{
"version_affected": "<",
"version_name": "8.1.X",
"version_value": "8.1.7"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "pgsql extension enabled"
}
],
"credit": [
{
"lang": "eng",
"value": "c dot fol at ambionics dot io"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-590 Free of Memory not on the Heap"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-824 Access of Uninitialized Pointer"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=81720",
"name": "https://bugs.php.net/bug.php?id=81720"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-0a96e5b9b1",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-f3fc52428e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/"
},
{
"refsource": "DEBIAN",
"name": "DSA-5179",
"url": "https://www.debian.org/security/2022/dsa-5179"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220722-0005/",
"url": "https://security.netapp.com/advisory/ntap-20220722-0005/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-20",
"url": "https://security.gentoo.org/glsa/202209-20"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html"
}
]
},
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=81720"
],
"discovery": "EXTERNAL"
}
}
Reference in New Issue View Git Blame Copy Permalink