Updated: 2024-11-30 02:12:42.122664
Description:
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when the pdo_mysql extension is used with the mysqlnd driver and a third party is allowed to supply the host to connect to and the password for the connection, a password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | MEDIUM | 6 |
CVSS Version 3.x | HIGH | 8.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | php | 5.3.3 | 8.8 | HIGH | Not Vulnerable | | 2022-07-18 08:59:13 | |
CentOS 7 ELS | php | 5.4.16 | 8.8 | HIGH | Released | CLSA-2024:1706700142 | 2024-02-19 10:09:30 | |
CentOS 8.4 ELS | php | 7.4.6 | 8.8 | HIGH | Released | CLSA-2022:1656958574 | 2022-07-04 14:43:43 | |
CentOS 8.5 ELS | php | 7.4.19 | 8.8 | HIGH | Released | CLSA-2022:1656958778 | 2022-07-04 14:43:42 | |
CloudLinux 6 ELS | php | 5.3.3 | 8.8 | HIGH | Not Vulnerable | | 2022-07-18 08:59:13 | |
Oracle Linux 6 ELS | php | 5.3.3 | 8.8 | HIGH | Not Vulnerable | | 2022-07-18 08:59:13 | |
Ubuntu 16.04 ELS | php | 7.0.33 | 8.8 | HIGH | Released | CLSA-2022:1657182029 | 2022-07-07 06:30:42 | |
Ubuntu 18.04 ELS | php | 7.2.24-0 | 8.8 | HIGH | Already Fixed | | 2023-06-29 14:06:38 | |