In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using the Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to an RCE vulnerability or denial of service.
References:
https://bugs.php.net/bug.php?id=81720
https://github.com/php/php-src/commit/55f6895f4b4c677272fd4ee1113acdbd99c4b5ab
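The bug class described above (an error path that frees pointer slots which were never written), shown beside a hardened form. This is an added C illustration, not code from php-src or from this bug report; all function names and the use of a NULL entry to stand in for an invalid parameter are assumptions made for the example.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the bug class; this is not php-src code.
 * A NULL input entry stands in for a parameter that fails conversion. */
size_t last_cleanup_slots; /* how many slots the last cleanup released */

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* Free the first n slots of params, then the array itself. */
static void free_params(char **params, size_t n) {
    last_cleanup_slots = n;
    for (size_t i = 0; i < n; i++)
        free(params[i]);
    free(params);
}

/* Vulnerable shape: malloc leaves the slots indeterminate, and the error
 * path releases all `count` of them, including slots never written. */
char **build_params_unsafe(const char *const *in, size_t count) {
    char **params = malloc(count * sizeof *params);
    if (!params) return NULL;
    for (size_t i = 0; i < count; i++) {
        if (!in[i] || !(params[i] = dup_str(in[i]))) {
            free_params(params, count); /* BUG: unwritten slots hold garbage */
            return NULL;
        }
    }
    return params;
}

/* Hardened shape: calloc makes every slot NULL (free(NULL) is a no-op), and
 * the error path releases only the i slots that were actually filled. */
char **build_params_safe(const char *const *in, size_t count) {
    char **params = calloc(count, sizeof *params);
    if (!params) return NULL;
    for (size_t i = 0; i < count; i++) {
        if (!in[i] || !(params[i] = dup_str(in[i]))) {
            free_params(params, i);
            return NULL;
        }
    }
    return params;
}
```

Either defence alone closes the hole; using both means a later change to the cleanup bound does not reintroduce it.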
Created php tracking bugs for this issue: Affects: fedora-all [bug 2098529]
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:5491 https://access.redhat.com/errata/RHSA-2022:5491
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-31625
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6158 https://access.redhat.com/errata/RHSA-2022:6158
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7624 https://access.redhat.com/errata/RHSA-2022:7624
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8197 https://access.redhat.com/errata/RHSA-2022:8197