Lucene search
PRIOn knowledge basePRION:CVE-2022-31626HistoryJun 16, 2022 - 6:15 a.m.
Remote code execution
2022-06-1606:15:00
PRIOn knowledge base
www.prio-n.com
129
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
References
bugs.php.net/bug.php?id=81719
lists.debian.org/debian-lts-announce/2022/12/msg00030.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/
security.gentoo.org/glsa/202209-20
security.netapp.com/advisory/ntap-20220722-0005/
www.debian.org/security/2022/dsa-5179
Related
nessus
nessus
RHEL 8 : php:8.0 (RHSA-2022:5468)
2022-06-30 00:00:00
Rocky Linux 8 : php:7.4 (RLSA-2022:5467)
2022-07-11 00:00:00
Rocky Linux 9 : php (RLSA-2022:5904)
2023-11-06 00:00:00
osv
osv
Important: php security update
2022-08-04 00:00:00
CVE-2022-31626
2022-06-16 06:15:08
BIT-php-2022-31626
2024-03-06 11:04:13
redhat
redhat
(RHSA-2022:5471) Important: php:7.4 security update
2022-06-30 21:30:51
(RHSA-2022:5904) Important: php security update
2022-08-04 09:53:47
(RHSA-2022:5467) Important: php:7.4 security update
2022-06-30 21:27:47
redhatcve
redhatcve
CVE-2022-31626
2022-06-20 05:01:27
nvd
nvd
CVE-2022-31626
2022-06-16 06:15:08
almalinux
almalinux
ALSA-2022:5468: php:8.0 security update (Important)
2022-06-30 00:00:00
Important: php security update
2022-08-04 00:00:00
githubexploit
githubexploit
Exploit for Classic Buffer Overflow in Php
2022-12-06 16:19:03
oraclelinux
oraclelinux
php security update
2022-08-04 00:00:00
php:8.0 security update
2022-07-04 00:00:00
php:7.4 security update
2022-07-04 00:00:00
thn
thn
Resolving Availability vs. Security, a Constant Conflict in IT
2022-08-05 10:20:00
rocky
rocky
php security update
2022-08-04 09:53:47
php:8.0 security update
2022-06-30 21:27:49
php:7.4 security update
2022-06-30 21:27:47
debiancve
debiancve
CVE-2022-31626
2022-06-16 06:15:08
alpinelinux
alpinelinux
CVE-2022-31626
2022-06-16 06:15:08
cbl_mariner
cbl_mariner
CVE-2022-31626 affecting package php 7.4.14-3
2024-07-09 09:08:46
cve
cve
CVE-2022-31626
2022-06-16 06:15:08
veracode
veracode
Buffer Overflow
2022-06-13 02:07:10
ubuntucve
ubuntucve
CVE-2022-31626
2022-06-13 00:00:00
cvelist
cvelist
CVE-2022-31626 mysqlnd/pdo password buffer overflow
2022-06-06 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:2161-1)
2022-06-24 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2183-1)
2022-06-27 00:00:00
mageia
mageia
Updated php packages fix security vulnerability
2022-06-19 00:30:41
f5
f5
K19150034 : PHP vulnerabilities CVE-2022-31625, CVE-2022-31626
2022-07-12 00:00:00
ubuntu
ubuntu
PHP regression
2022-07-07 00:00:00
PHP vulnerabilities
2022-06-15 00:00:00
PHP vulnerabilities
2022-07-04 00:00:00
slackware
slackware
[slackware-security] php
2022-06-13 21:14:24
suse
suse
Security update for php7 (important)
2022-07-05 00:00:00
Security update for php7 (important)
2022-06-24 00:00:00
Security update for php8 (important)
2022-07-06 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: php-8.0.20-1.fc35
2022-06-17 01:19:38
[SECURITY] Fedora 36 Update: php-8.1.7-1.fc36
2022-06-17 01:14:59
altlinux
altlinux
Security fix for the ALT Linux 10 package php8.1 version 8.1.7-alt1
2022-06-22 00:00:00
Security fix for the ALT Linux 10 package php7 version 7.4.30-alt1
2022-06-22 00:00:00
Security fix for the ALT Linux 10 package php8.0 version 8.0.20-alt1
2022-06-21 00:00:00
debian
debian
[SECURITY] [DSA 5179-1] php7.4 security update
2022-07-08 19:27:23
[SECURITY] [DLA 3243-1] php7.3 security update
2022-12-15 18:33:17
gentoo
gentoo
PHP: Multiple Vulnerabilities
2022-09-29 00:00:00
redos
redos
ROS-20220826-01
2022-08-26 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00