In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when the pdo_mysql extension is used with the mysqlnd driver, if a third party is allowed to supply the host to connect to and the password for the connection, a password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.

References:
https://bugs.php.net/bug.php?id=81719
https://github.com/php/php-src/commit/58006537fc5f133ae8549efe5118cde418b3ace9
Created php tracking bugs for this issue: Affects: fedora-all [bug 2098528]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:5471 https://access.redhat.com/errata/RHSA-2022:5471
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5467 https://access.redhat.com/errata/RHSA-2022:5467
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5468 https://access.redhat.com/errata/RHSA-2022:5468
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:5491 https://access.redhat.com/errata/RHSA-2022:5491
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-31626
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5904 https://access.redhat.com/errata/RHSA-2022:5904