What is CVE-2022-31625?

CVE-2022-31625 is a high-severity vulnerability in Php Group, classified under CWE-590. CVSS score: 8.1/10. Published 2022-06-16.

How severe is CVE-2022-31625?

High severity. CVSS v3 base score is 8.1 out of 10.

Is CVE-2022-31625 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Php Group

CVE-2022-31625

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized dat…

EPSS: 0.015 (81.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Php Group — versions 7.4.X, 8.0.X, 8.1.X

Weakness classification (CWE)

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

bugs.php.net/bug.php
FEDORA-2022-0a96e5b9b1 (vendor-advisory)
FEDORA-2022-f3fc52428e (vendor-advisory)
DSA-5179 (vendor-advisory)
security.netapp.com/advisory/ntap-20220722-0005/
GLSA-202209-20 (vendor-advisory)
[debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update (mailing-list)

Frequently asked questions

What is CVE-2022-31625?: CVE-2022-31625 is a high-severity vulnerability in Php Group, classified under CWE-590. CVSS score: 8.1/10. Published 2022-06-16.
How severe is CVE-2022-31625?: High severity. CVSS v3 base score is 8.1 out of 10.
Is CVE-2022-31625 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.