14 lines
1.7 KiB
JSON
14 lines
1.7 KiB
JSON
{
|
|
"id": "openEuler-SA-2022-1721",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1721",
|
|
"title": "An update for php is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
|
|
"severity": "Important",
|
|
"description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.\r\n\r\nSecurity Fix(es):\r\n\r\nIn PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.(CVE-2022-31626)\r\n\r\nIn PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.(CVE-2022-31625)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2022-31625",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31625",
|
|
"severity": "Important"
|
|
}
|
|
]
|
|
} |