Important: php

Issue Overview: A vulnerability was found in PHP due to an uninitialized array in pgqueryparams function. When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory, using uninitialized data as pointers. This flaw...

ROS-20220826-01

A vulnerability in the phpurlparseex function of the PHP programming language interpreter is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow a remote attacker to launch an SSRF attack Vulnerability in the SOAP extension of the PHP interpreter...

The vulnerability of the mysqlnd/pdo function (mysqlnd_wireprotocol.c) in the PHP programming language interpreter allows a hacker to execute arbitrary code.

The vulnerability of the mysqlnd/pdo function mysqlndwireprotocol.c in the PHP programming language interpreter is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVE-2022-31626 mysqlnd/pdo password buffer overflow

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdomysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can...

PT-2022-3056 · Php +10 · Php +10

Name of the Vulnerable Software and Affected Versions: PHP versions 7.4.x through 7.4.29 PHP versions 8.0.x through 8.0.19 PHP versions 8.1.x through 8.1.6 Description: The issue is related to a buffer overflow vulnerability in the mysqlnd/pdo function of the PHP interpreter, specifically in the...