BIT-PHP-MIN-2022-31626 mysqlnd/pdo password buffer overflow

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdomysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can...

php: password of excessive length triggers buffer overflow leading to RCE

A buffer overflow vulnerability was found in PHP when processing passwords in mysqlnd/pdo in mysqlndwireprotocol.c. When using the pdomysql extension with mysqlnd driver, if the third party is allowed to supply a MySQL database server password in the mysqlnd driver to the host for the connection,...

OESA-2022-1721 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

DEBIAN-CVE-2022-31626

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdomysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can...

UBUNTU-CVE-2022-31626

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdomysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can...

Fedora 22 : php-5.6.19-1.fc22 (2016-baa32758d0)

03 Mar 2016, PHP 5.6.19 CLI server: Fixed bug php71559 Built-in HTTP server, we can download file in web by bug. Johannes, Anatol CURL: - Fixed bug php71523 Copied handle with new option CURLOPTHTTPHEADER crashes while curlmultiexec. Laruence Date: Fixed bug php68078 Datetime comparisons ignore...

Fedora 23 : php-5.6.19-1.fc23 (2016-c0853ea24e)

03 Mar 2016, PHP 5.6.19 CLI server: Fixed bug php71559 Built-in HTTP server, we can download file in web by bug. Johannes, Anatol CURL: - Fixed bug php71523 Copied handle with new option CURLOPTHTTPHEADER crashes while curlmultiexec. Laruence Date: Fixed bug php68078 Datetime comparisons ignore...

Amazon Linux AMI : php-ZendFramework (ALAS-2014-460)

The 1 ZendLdap class in Zend before 1.12.9 and 2 Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. CVE-2014-8088 The 1.12.9, 2.2.8, and 2.3.3 releas...