{"id":"CVE-2022-31625","summary":"Freeing unallocated memory in php_pgsql_free_params()","details":"In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using the Postgres database extension, supplying invalid parameters to a parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to remote code execution (RCE) or denial of service.","aliases":["BIT-libphp-2022-31625","BIT-php-2022-31625","BIT-php-min-2022-31625"],"modified":"2026-05-18T05:53:50.958809250Z","published":"2022-06-16T05:45:15.228Z","related":["ALSA-2022:6158","ALSA-2022:7624","ALSA-2022:8197","SUSE-SU-2022:2161-1","SUSE-SU-2022:2183-1","SUSE-SU-2022:2185-1","SUSE-SU-2022:2275-1","SUSE-SU-2022:2292-1","SUSE-SU-2022:2303-1","SUSE-SU-2022:3997-1","SUSE-SU-2022:4067-1","SUSE-SU-2022:4068-1","SUSE-SU-2022:4069-1","openSUSE-SU-2024:13267-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31625.json","cwe_ids":["CWE-590","CWE-824"],"unresolved_ranges":[{"extracted_events":[{"introduced":"7.4.X"},{"fixed":"7.4.30"},{"introduced":"8.0.X"},{"fixed":"8.0.20"},{"introduced":"8.1.X"},{"fixed":"8.1.7"}],"source":"AFFECTED_FIELD"}],"cna_assigner":"php"},"references":[{"type":"WEB","url":"https://bugs.php.net/bug.php?id=81720"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31625.json"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31625"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202209-20"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220722-
0005/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5179"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"3c7824e16ec4c3cee417262445d2c2b66531c10f"},{"fixed":"c94d7983d35736b710bf0689c5cb78d0396984d9"},{"introduced":"5dc92c2117cafc61daaaaa240fd46c3ac33872a4"},{"fixed":"8bfdd9978c58ed79cee34451ab02d67bbadb206f"},{"introduced":"381ba9f5d0edd0c9c8ec1dea7e21d513ad08b115"},{"fixed":"d35e577a1bd0b35b9386cea97cddc73fd98eed6d"}],"database_specific":{"extracted_events":[{"introduced":"7.4.0"},{"fixed":"7.4.30"},{"introduced":"8.0.0"},{"fixed":"8.0.20"},{"introduced":"8.1.0"},{"fixed":"8.1.7"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31625.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}