In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Php | Php | 7.4.0 (including) | 7.4.30 (excluding) |
| Php | Php | 8.0.0 (including) | 8.0.20 (excluding) |
| Php | Php | 8.1.0 (including) | 8.1.7 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | php:7.4-8060020220811045407.5caa48ff | * |
| Red Hat Enterprise Linux 8 | RedHat | php:8.0-8070020220801083134.afd00e68 | * |
| Red Hat Enterprise Linux 9 | RedHat | php-0:8.0.20-3.el9 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-php73-php-0:7.3.33-1.el7 | * |
| Php5 | Ubuntu | esm-infra-legacy/trusty | * |
| Php5 | Ubuntu | trusty | * |
| Php5 | Ubuntu | trusty/esm | * |
| Php7.0 | Ubuntu | esm-infra/xenial | * |
| Php7.0 | Ubuntu | xenial | * |
| Php7.2 | Ubuntu | bionic | * |
| Php7.4 | Ubuntu | focal | * |
| Php7.4 | Ubuntu | upstream | * |
| Php8.0 | Ubuntu | impish | * |
| Php8.0 | Ubuntu | upstream | * |
| Php8.1 | Ubuntu | jammy | * |
| Php8.1 | Ubuntu | kinetic | * |
| Php8.1 | Ubuntu | lunar | * |
| Php8.1 | Ubuntu | upstream | * |
This weakness can take several forms, such as: