Vulnerability CVE-2022-31626

Vulnerability Name:

CVE-2022-31626 (CCN-229123)

Assigned:

2022-05-16

Published:

2022-05-16

Updated:

2023-02-23

Summary:

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-120

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2022-31626

Source: CCN
Type: PHP Sec Bug #81719
mysqlnd/pdo password buffer overflow leading to RCE

Source: security@php.net
Type: Exploit, Issue Tracking, Mailing List, Patch, Vendor Advisory
security@php.net

Source: XF
Type: UNKNOWN
php-cve202231626-bo(229123)

Source: security@php.net
Type: Mailing List, Third Party Advisory
security@php.net

Source: security@php.net
Type: Mailing List, Third Party Advisory
security@php.net

Source: security@php.net
Type: Mailing List, Third Party Advisory
security@php.net

Source: security@php.net
Type: Third Party Advisory
security@php.net

Source: security@php.net
Type: Third Party Advisory
security@php.net

Source: security@php.net
Type: Third Party Advisory
security@php.net

Source: CCN
Type: PHP Web site
PHP

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8075	P	apache2-mod_php7-7.4.33-150400.4.22.1 on GA media (Moderate)	2023-06-12
oval:com.redhat.rhsa:def:20225904	P	RHSA-2022:5904: php security update (Important)	2022-08-04
oval:org.opensuse.security:def:555	P	Security update for php8 (Important)	2022-07-06
oval:org.opensuse.security:def:3776	P	Security update for php8 (Important)	2022-07-06
oval:org.opensuse.security:def:95347	P	Security update for php7 (Important)	2022-07-06
oval:org.opensuse.security:def:3717	P	Security update for php7 (Important)	2022-07-06
oval:org.opensuse.security:def:95369	P	Security update for php7 (Important)	2022-07-06
oval:org.opensuse.security:def:547	P	Security update for php7 (Important)	2022-07-06
oval:org.opensuse.security:def:3739	P	Security update for php7 (Important)	2022-07-06
oval:org.opensuse.security:def:95409	P	Security update for php8 (Important)	2022-07-06
oval:org.opensuse.security:def:544	P	Security update for php7 (Important)	2022-07-05
oval:com.redhat.rhsa:def:20225467	P	RHSA-2022:5467: php:7.4 security update (Important)	2022-06-30
oval:com.redhat.rhsa:def:20225468	P	RHSA-2022:5468: php:8.0 security update (Important)	2022-06-30
oval:org.opensuse.security:def:118932	P	Security update for php7 (Important)	2022-06-24
oval:org.opensuse.security:def:1526	P	Security update for php7 (Important)	2022-06-24
oval:org.opensuse.security:def:538	P	Security update for php7 (Important)	2022-06-24
oval:org.opensuse.security:def:119237	P	Security update for php7 (Important)	2022-06-24
oval:org.opensuse.security:def:1720	P	Security update for php7 (Important)	2022-06-24
oval:org.opensuse.security:def:5284	P	Security update for php72 (Important)	2022-06-24
oval:org.opensuse.security:def:119427	P	Security update for php7 (Important)	2022-06-24
oval:org.opensuse.security:def:118742	P	Security update for php7 (Important)	2022-06-24
oval:org.opensuse.security:def:119612	P	Security update for php7 (Important)	2022-06-24
oval:org.opensuse.security:def:5280	P	Security update for php74 (Important)	2022-06-23

BACK