Uninitialized Data Pointer Vulnerability in PHP Postgres Database Extension

Uninitialized Data Pointer Vulnerability in PHP Postgres Database Extension

CVE-2022-31625 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

Learn more about our Web Application Penetration Testing UK.