CVE-2022-31625

Name	CVE-2022-31625
Description	In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-3243-1, DSA-5179-1, ELA-775-1, ELA-777-1
Debian Bugs	1014533

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
php5 (PTS)	jessie, jessie (lts)	5.6.40+dfsg-0+deb8u21	fixed
php7.0 (PTS)	stretch (security)	7.0.33-0+deb9u12	vulnerable
	stretch (lts), stretch	7.0.33-0+deb9u19	fixed
php7.3 (PTS)	buster, buster (lts)	7.3.31-1~deb10u8	fixed
	buster (security)	7.3.31-1~deb10u7	fixed
php7.4 (PTS)	bullseye	7.4.33-1+deb11u5	fixed
	bullseye (security)	7.4.33-1+deb11u6	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
php5	source	jessie	5.6.40+dfsg-0+deb8u16	ELA-777-1
php5	source	(unstable)	(unfixed)
php7.0	source	stretch	7.0.33-0+deb9u13	ELA-775-1
php7.0	source	(unstable)	(unfixed)
php7.3	source	buster	7.3.31-1~deb10u2	DLA-3243-1
php7.3	source	(unstable)	(unfixed)
php7.4	source	bullseye	7.4.30-1+deb11u1	DSA-5179-1
php7.4	source	(unstable)	(unfixed)
php8.1	source	(unstable)	8.1.7-1		1014533

Notes

[stretch] - php7.0 <postponed> (Minor issue; can be fixed in next update)
Fixed in 7.4.30, 8.0.20, 8.1.7
PHP Bug: https://bugs.php.net/bug.php?id=81720
https://github.com/php/php-src/commit/55f6895f4b4c677272fd4ee1113acdbd99c4b5ab (php-7.4.30)