{"id":"CVE-2022-31625","details":"In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.","aliases":["BIT-libphp-2022-31625","BIT-php-2022-31625","BIT-php-min-2022-31625"],"modified":"2026-03-20T12:06:02.414143Z","published":"2022-06-16T06:15:08.623Z","related":["ALSA-2022:6158","ALSA-2022:7624","ALSA-2022:8197","MGASA-2022-0234","SUSE-SU-2022:2161-1","SUSE-SU-2022:2183-1","SUSE-SU-2022:2185-1","SUSE-SU-2022:2275-1","SUSE-SU-2022:2292-1","SUSE-SU-2022:2303-1","SUSE-SU-2022:3997-1","SUSE-SU-2022:4067-1","SUSE-SU-2022:4068-1","SUSE-SU-2022:4069-1","openSUSE-SU-2024:13267-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202209-20"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220722-0005/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5179"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html"},{"type":"FIX","url":"https://bugs.php.net/bug.php?id=81720"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"3c7824e16ec4c3cee417262445d2c2b66531c10f"},{"fixed":"c94d7983d35736b710bf0689c5cb78d0396984d9"},{"introduced":"5dc92c2117cafc61daaaaa240fd46c3ac33872a4"},{"fixed":"8bfdd9978c58ed79cee34451ab02d67bbadb206f"},{"introduced":"381ba9f5d0edd0c9c8ec1dea7e21d513ad08b115"},{"fixed":"d35e577a1bd0b35b9386cea97cddc73fd98eed6d"}],"database_specific":{"versions":[{"introduced":"7.4.0"},{"fixed":"7.4.30"},{"introduced":"8.0.0"},{"fixed":"8.0.20"},{"introduced":"8.1.0"},{"fixed":"8.1.7"}]}}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31625.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}