CVE-2022-31631 php: PDO::quote() may return unquoted string https://www.php.net/ChangeLog-8.php#8.0.27 https://bugs.php.net/bug.php?id=81740 https://github.com/php/php-src/commit/921b6813da3237a83e908998483f46ae3d8bacba
Created php tracking bugs for this issue: Affects: fedora-all [bug 2158798]
Notice: This issue (again) needs a >2GB string to be exploited So any reasonable memory_limit will protect from it (default value is 128MB)
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0848 https://access.redhat.com/errata/RHSA-2023:0848
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0965 https://access.redhat.com/errata/RHSA-2023:0965
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2417 https://access.redhat.com/errata/RHSA-2023:2417
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2903 https://access.redhat.com/errata/RHSA-2023:2903
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-31631