VDB
DEBIAN-CVE-2022-31625
DEBIAN-CVE-2022-31625
PUBLISHED
CVSS 8.100000381469727 HIGH
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
Risk Scores
CVSS v3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | php7.4 | 0, 7.4.21-1, 7.4.25-1 |
Timeline
- Jun 16, 2022 CVE Published
- Apr 28, 2026 CVE Updated