CVE-2022-31626

Updated: 2023-02-22 22:26:09.603803

Description:

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when the pdo_mysql extension is used with the mysqlnd driver and a third party is allowed to supply both the host to connect to and the password for the connection, a password of excessive length can trigger a buffer overflow in PHP, which can lead to remote code execution.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 6 |
| CVSS Version 3.x | HIGH | 8.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| EL 6 PHP | php | 5.1 | 8.8 | HIGH | Not Vulnerable | | 2022-08-17 11:02:12 |
| EL 6 PHP | php | 5.2 | 8.8 | HIGH | Not Vulnerable | | 2022-08-17 11:02:12 |
| EL 6 PHP | php | 5.5 | 8.8 | HIGH | Released | CLSA-2022:1663762488 | 2022-09-21 11:02:28 |
| EL 6 PHP | php | 7.0 | 8.8 | HIGH | Released | CLSA-2022:1663866151 | 2022-09-22 14:06:37 |
| EL 6 PHP | php | 7.1 | 8.8 | HIGH | Released | CLSA-2022:1663861302 | 2022-09-22 14:06:37 |
| EL 6 PHP | php | 5.4 | 8.8 | HIGH | Released | CLSA-2022:1663856605 | 2022-09-22 11:02:27 |
| EL 6 PHP | php | 7.2 | 8.8 | HIGH | Released | CLSA-2022:1663858000 | 2022-09-22 11:02:27 |
| EL 6 PHP | php | 5.6 | 8.8 | HIGH | Released | CLSA-2022:1663862855 | 2022-09-22 14:06:37 |
| EL 6 PHP | php | 7.3 | 8.8 | HIGH | Released | CLSA-2022:1663862020 | 2022-09-22 14:06:37 |
| EL 6 PHP | php | 5.3 | 8.8 | HIGH | Not Vulnerable | | 2022-08-17 05:02:08 |
Total: 86