Security
Headlines
HeadlinesLatestCVEs

Headline

Red Hat Security Advisory 2022-5904-01

Red Hat Security Advisory 2022-5904-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include a buffer overflow vulnerability.

Packet Storm
#sql#vulnerability#linux#red_hat#apache#js#php#rce#ldap#buffer_overflow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: php security update
Advisory ID: RHSA-2022:5904-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5904
Issue date: 2022-08-04
CVE Names: CVE-2022-31626
====================================================================

  1. Summary:

An update for php is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

Security Fix(es):

  • php: password of excessive length triggers buffer overflow leading to RCE
    (CVE-2022-31626)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

2098523 - CVE-2022-31626 php: password of excessive length triggers buffer overflow leading to RCE

  1. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
php-8.0.13-2.el9_0.src.rpm

aarch64:
php-8.0.13-2.el9_0.aarch64.rpm
php-bcmath-8.0.13-2.el9_0.aarch64.rpm
php-bcmath-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-cli-8.0.13-2.el9_0.aarch64.rpm
php-cli-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-common-8.0.13-2.el9_0.aarch64.rpm
php-common-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-dba-8.0.13-2.el9_0.aarch64.rpm
php-dba-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-dbg-8.0.13-2.el9_0.aarch64.rpm
php-dbg-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-debugsource-8.0.13-2.el9_0.aarch64.rpm
php-devel-8.0.13-2.el9_0.aarch64.rpm
php-embedded-8.0.13-2.el9_0.aarch64.rpm
php-embedded-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-enchant-8.0.13-2.el9_0.aarch64.rpm
php-enchant-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-ffi-8.0.13-2.el9_0.aarch64.rpm
php-ffi-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-fpm-8.0.13-2.el9_0.aarch64.rpm
php-fpm-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-gd-8.0.13-2.el9_0.aarch64.rpm
php-gd-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-gmp-8.0.13-2.el9_0.aarch64.rpm
php-gmp-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-intl-8.0.13-2.el9_0.aarch64.rpm
php-intl-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-ldap-8.0.13-2.el9_0.aarch64.rpm
php-ldap-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-mbstring-8.0.13-2.el9_0.aarch64.rpm
php-mbstring-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-mysqlnd-8.0.13-2.el9_0.aarch64.rpm
php-mysqlnd-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-odbc-8.0.13-2.el9_0.aarch64.rpm
php-odbc-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-opcache-8.0.13-2.el9_0.aarch64.rpm
php-opcache-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-pdo-8.0.13-2.el9_0.aarch64.rpm
php-pdo-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-pgsql-8.0.13-2.el9_0.aarch64.rpm
php-pgsql-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-process-8.0.13-2.el9_0.aarch64.rpm
php-process-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-snmp-8.0.13-2.el9_0.aarch64.rpm
php-snmp-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-soap-8.0.13-2.el9_0.aarch64.rpm
php-soap-debuginfo-8.0.13-2.el9_0.aarch64.rpm
php-xml-8.0.13-2.el9_0.aarch64.rpm
php-xml-debuginfo-8.0.13-2.el9_0.aarch64.rpm

ppc64le:
php-8.0.13-2.el9_0.ppc64le.rpm
php-bcmath-8.0.13-2.el9_0.ppc64le.rpm
php-bcmath-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-cli-8.0.13-2.el9_0.ppc64le.rpm
php-cli-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-common-8.0.13-2.el9_0.ppc64le.rpm
php-common-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-dba-8.0.13-2.el9_0.ppc64le.rpm
php-dba-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-dbg-8.0.13-2.el9_0.ppc64le.rpm
php-dbg-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-debugsource-8.0.13-2.el9_0.ppc64le.rpm
php-devel-8.0.13-2.el9_0.ppc64le.rpm
php-embedded-8.0.13-2.el9_0.ppc64le.rpm
php-embedded-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-enchant-8.0.13-2.el9_0.ppc64le.rpm
php-enchant-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-ffi-8.0.13-2.el9_0.ppc64le.rpm
php-ffi-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-fpm-8.0.13-2.el9_0.ppc64le.rpm
php-fpm-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-gd-8.0.13-2.el9_0.ppc64le.rpm
php-gd-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-gmp-8.0.13-2.el9_0.ppc64le.rpm
php-gmp-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-intl-8.0.13-2.el9_0.ppc64le.rpm
php-intl-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-ldap-8.0.13-2.el9_0.ppc64le.rpm
php-ldap-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-mbstring-8.0.13-2.el9_0.ppc64le.rpm
php-mbstring-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-mysqlnd-8.0.13-2.el9_0.ppc64le.rpm
php-mysqlnd-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-odbc-8.0.13-2.el9_0.ppc64le.rpm
php-odbc-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-opcache-8.0.13-2.el9_0.ppc64le.rpm
php-opcache-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-pdo-8.0.13-2.el9_0.ppc64le.rpm
php-pdo-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-pgsql-8.0.13-2.el9_0.ppc64le.rpm
php-pgsql-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-process-8.0.13-2.el9_0.ppc64le.rpm
php-process-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-snmp-8.0.13-2.el9_0.ppc64le.rpm
php-snmp-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-soap-8.0.13-2.el9_0.ppc64le.rpm
php-soap-debuginfo-8.0.13-2.el9_0.ppc64le.rpm
php-xml-8.0.13-2.el9_0.ppc64le.rpm
php-xml-debuginfo-8.0.13-2.el9_0.ppc64le.rpm

s390x:
php-8.0.13-2.el9_0.s390x.rpm
php-bcmath-8.0.13-2.el9_0.s390x.rpm
php-bcmath-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-cli-8.0.13-2.el9_0.s390x.rpm
php-cli-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-common-8.0.13-2.el9_0.s390x.rpm
php-common-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-dba-8.0.13-2.el9_0.s390x.rpm
php-dba-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-dbg-8.0.13-2.el9_0.s390x.rpm
php-dbg-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-debugsource-8.0.13-2.el9_0.s390x.rpm
php-devel-8.0.13-2.el9_0.s390x.rpm
php-embedded-8.0.13-2.el9_0.s390x.rpm
php-embedded-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-enchant-8.0.13-2.el9_0.s390x.rpm
php-enchant-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-ffi-8.0.13-2.el9_0.s390x.rpm
php-ffi-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-fpm-8.0.13-2.el9_0.s390x.rpm
php-fpm-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-gd-8.0.13-2.el9_0.s390x.rpm
php-gd-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-gmp-8.0.13-2.el9_0.s390x.rpm
php-gmp-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-intl-8.0.13-2.el9_0.s390x.rpm
php-intl-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-ldap-8.0.13-2.el9_0.s390x.rpm
php-ldap-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-mbstring-8.0.13-2.el9_0.s390x.rpm
php-mbstring-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-mysqlnd-8.0.13-2.el9_0.s390x.rpm
php-mysqlnd-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-odbc-8.0.13-2.el9_0.s390x.rpm
php-odbc-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-opcache-8.0.13-2.el9_0.s390x.rpm
php-opcache-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-pdo-8.0.13-2.el9_0.s390x.rpm
php-pdo-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-pgsql-8.0.13-2.el9_0.s390x.rpm
php-pgsql-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-process-8.0.13-2.el9_0.s390x.rpm
php-process-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-snmp-8.0.13-2.el9_0.s390x.rpm
php-snmp-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-soap-8.0.13-2.el9_0.s390x.rpm
php-soap-debuginfo-8.0.13-2.el9_0.s390x.rpm
php-xml-8.0.13-2.el9_0.s390x.rpm
php-xml-debuginfo-8.0.13-2.el9_0.s390x.rpm

x86_64:
php-8.0.13-2.el9_0.x86_64.rpm
php-bcmath-8.0.13-2.el9_0.x86_64.rpm
php-bcmath-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-cli-8.0.13-2.el9_0.x86_64.rpm
php-cli-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-common-8.0.13-2.el9_0.x86_64.rpm
php-common-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-dba-8.0.13-2.el9_0.x86_64.rpm
php-dba-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-dbg-8.0.13-2.el9_0.x86_64.rpm
php-dbg-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-debugsource-8.0.13-2.el9_0.x86_64.rpm
php-devel-8.0.13-2.el9_0.x86_64.rpm
php-embedded-8.0.13-2.el9_0.x86_64.rpm
php-embedded-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-enchant-8.0.13-2.el9_0.x86_64.rpm
php-enchant-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-ffi-8.0.13-2.el9_0.x86_64.rpm
php-ffi-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-fpm-8.0.13-2.el9_0.x86_64.rpm
php-fpm-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-gd-8.0.13-2.el9_0.x86_64.rpm
php-gd-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-gmp-8.0.13-2.el9_0.x86_64.rpm
php-gmp-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-intl-8.0.13-2.el9_0.x86_64.rpm
php-intl-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-ldap-8.0.13-2.el9_0.x86_64.rpm
php-ldap-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-mbstring-8.0.13-2.el9_0.x86_64.rpm
php-mbstring-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-mysqlnd-8.0.13-2.el9_0.x86_64.rpm
php-mysqlnd-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-odbc-8.0.13-2.el9_0.x86_64.rpm
php-odbc-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-opcache-8.0.13-2.el9_0.x86_64.rpm
php-opcache-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-pdo-8.0.13-2.el9_0.x86_64.rpm
php-pdo-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-pgsql-8.0.13-2.el9_0.x86_64.rpm
php-pgsql-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-process-8.0.13-2.el9_0.x86_64.rpm
php-process-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-snmp-8.0.13-2.el9_0.x86_64.rpm
php-snmp-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-soap-8.0.13-2.el9_0.x86_64.rpm
php-soap-debuginfo-8.0.13-2.el9_0.x86_64.rpm
php-xml-8.0.13-2.el9_0.x86_64.rpm
php-xml-debuginfo-8.0.13-2.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2022-31626
https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYuu2C9zjgjWX9erEAQgeMxAAlOgech3DuaHnXonl6NO6pWGg/w28+5WG
c4qludknb7j62Px5G6OMfntWoCE3Tfu5qodhi+KZsEqLEmCMD5xkOluytcCf3mQU
q1SMsiURaLM8QZ7NMbyrDxjvhtbRcL2fpcYR5dx4gVjT1U2D0eMCilYxNLDyHj6J
5i1FRniq4ovb4hQxtg5SwRPeSjsxlpeB13WzL8UrRP/CBQGY7402/wU4eeeiwWbE
JgX2Rp/lpy/PQfEhcqptiXxMS2prJt3pjPKLjcLziQ5CIHhJZrRHM/mpu7/TMf7d
DiMjZ1CJoFHKnzim5Ggo487p67FyVF4jCixmksrY2J+gs9lPoUI64AQ/LmiE5AtZ
I5ekgmOUI5Wi3tE/tTqetGWV+/97geiH68nbarB6FlN50jhjNwU90r3hBxikFTAv
ZzwrzTJM0TuDjAVS91VKCZTwWy7LEjDcSA5mW8hsFbpJKNsR5kjsLqE70oZLjACl
XfcHq1nnBBIiT6us8ffAZc4lLKXeMxCDyI2tyBU3DkxmIzHm4Ittow6Q9/VCixmz
atjjmkO9lirsRlsnYqjjksvRodOzJ7ZzdQYoI2zn2KlWaFmdC/rNxUR2Wf9wAh4A
YpeY9+613Ootjk3A5CuOBmEinhdVdxjBU09TpIbpnIFTurtSHpKxmZwcRoZlI/Yr
JTCXWoZ9GqU­c7
-----END PGP SIGNATURE-----

RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Related news

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Gentoo Linux Security Advisory 202209-20

Gentoo Linux Security Advisory 202209-20 - Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. Versions less than 7.4.30:7.4 are affected.

Resolving Availability vs. Security, a Constant Conflict in IT

Conflicting business requirements is a common problem – and you find it in every corner of an organization, including in information technology. Resolving these conflicts is a must, but it isn’t always easy – though sometimes there is a novel solution that helps. In IT management there is a constant struggle between security and operations teams. Yes, both teams ultimately want to have secure

Ubuntu Security Notice USN-5479-3

Ubuntu Security Notice 5479-3 - USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for CVE-2022-31625 was incomplete for Ubuntu 18.04 LTS. This update fixes the problem. Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-5479-2

Ubuntu Security Notice 5479-2 - USN-5479-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 ESM. Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2022-5491-01

Red Hat Security Advisory 2022-5491-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and privilege escalation vulnerabilities.

RHSA-2022:5491: Red Hat Security Advisory: rh-php73-php security and bug fix update

An update for rh-php73-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-21703: php: Local privilege escalation via PHP-FPM * CVE-2021-21707: php: special character breaks path in xml parsing * CVE-2022-31625: php: uninitialized array in pg_query_params() leading to RCE * CVE-2022-31626: php: password of excessive length triggers buffer overflow leading to RCE

RHSA-2022:5468: Red Hat Security Advisory: php:8.0 security update

An update for the php:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31626: php: password of excessive length triggers buffer overflow leading to RCE

RHSA-2022:5467: Red Hat Security Advisory: php:7.4 security update

An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31626: php: password of excessive length triggers buffer overflow leading to RCE

RHSA-2022:5471: Red Hat Security Advisory: php:7.4 security update

An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31626: php: password of excessive length triggers buffer overflow leading to RCE

Ubuntu Security Notice USN-5479-1

Ubuntu Security Notice 5479-1 - Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2022-31626: mysqlnd/pdo password buffer overflow leading to RCE

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.

CVE-2016-4343: PHP: PHP 7 ChangeLog

The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution