ROS-20220826-01

A vulnerability in the php_url_parse_ex() function of the PHP programming language interpreter is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow a remote attacker to launch an SSRF attack

Vulnerability in the SOAP extension of the PHP interpreter is related to pointer dereferencing errors. Exploitation of the vulnerability could allow a remote attacker to crash the application.

A vulnerability in the mysqlnd/pdo function (mysqlnd_wireprotocol.c) of the PHP programming language interpreter involves buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code.

A vulnerability in the pg_query_params() function of the PHP interpreter is related to an uninitialized array error in the pg_query_params() function. Exploitation of the vulnerability could allow a remote attacker to cause memory corruption and execute arbitrary code on the system

A vulnerability in the php_filter_float() function of the PHP programming language interpreter involves a memory usage error after memory is freed. Exploitation of the vulnerability could allow a remote attacker to pass specially crafted input data to an application using the affected PHP function, cause a post-release usage error, and cause the php-fpm process to crash

A vulnerability in the pdo_firebase module of the PHP programming language interpreter is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service

A vulnerability in the SAPI component of the PHP-FPM extension of the PHP programming language interpreter is related to access delimitation errors in process sharing. Exploitation of the vulnerability could allow an attacker to escalate privileges to root

An implementation vulnerability in the finfo_buffer() function of the PHP programming language interpreter is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code.