CVE-2022-31631

Updated: 2023-03-10 12:28:07.061403

Description:

A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf(), it is possible to force the function to return a single apostrophe if the function is called on user-supplied input without any length restrictions in place.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0 |
| CVSS Version 3.x | MEDIUM | 5.9 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| EL 6 PHP | php | 8.1 | 5.9 | MEDIUM | Not Vulnerable | | 2023-01-13 07:37:27 |
| EL 6 PHP | php | 5.2 | 5.9 | MEDIUM | Released | CLSA-2023:1675200662 | 2023-01-31 19:53:41 |
| EL 6 PHP | php | 8.0 | 5.9 | MEDIUM | Not Vulnerable | | 2023-01-13 07:37:27 |
| EL 6 PHP | php | 7.3 | 5.9 | MEDIUM | Released | CLSA-2023:1675203363 | 2023-01-31 19:53:40 |
| EL 6 PHP | php | 7.1 | 5.9 | MEDIUM | Released | CLSA-2023:1675202314 | 2023-01-31 19:53:40 |
| EL 6 PHP | php | 5.4 | 5.9 | MEDIUM | Released | CLSA-2023:1675201426 | 2023-01-31 19:53:40 |
| EL 6 PHP | php | 7.4 | 5.9 | MEDIUM | Released | CLSA-2023:1675203835 | 2023-01-31 19:53:37 |
| EL 6 PHP | php | 5.1 | 5.9 | MEDIUM | Released | CLSA-2023:1675197654 | 2023-01-31 16:02:38 |
| EL 6 PHP | php | 5.5 | 5.9 | MEDIUM | Released | CLSA-2023:1675201717 | 2023-01-31 19:53:37 |
| EL 6 PHP | php | 7.0 | 5.9 | MEDIUM | Released | CLSA-2023:1675202025 | 2023-01-31 19:53:40 |
Total: 70