This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but the details of it are not yet publicly available yet.
This page will reflect the classification results once they are available through NVD.
Any vendor information available is shown as below.
php: PDO:: quote() may return unquoted string due to an integer overflow
| Name | Vendor | Version |
|---|---|---|
| Red Hat Enterprise Linux 8 | RedHat | php:8.0-8070020230118114629.ef331662 |
| Red Hat Enterprise Linux 8 | RedHat | php:7.4-8080020230118140634.cc342424 |
| Red Hat Enterprise Linux 9 | RedHat | php-0:8.0.27-1.el9_1 |
| Red Hat Enterprise Linux 9 | RedHat | php:8.1-9020020230120141750.9 |
A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf(), it is possible to force the function to return a single apostrophe if the function is called on user-supplied input without any length restrictions in place.
| Name | Vendor | Version |
|---|---|---|
| Php7.2 | Ubuntu/bionic | 7.2.24-0ubuntu0.18.04.16 |
| Php7.2 | Ubuntu/upstream | TBD |
| Php7.4 | Ubuntu/upstream | TBD |
| Php7.4 | Ubuntu/focal | 7.4.3-4ubuntu2.17 |
| Php8.1 | Ubuntu/jammy | 8.1.2-1ubuntu2.10 |
| Php8.1 | Ubuntu/kinetic | 8.1.7-1ubuntu3.2 |
| Php8.1 | Ubuntu/upstream | 8.1.14 |
| Php8.1 | Ubuntu/lunar | 8.1.12-1ubuntu3 |
| Php5 | Ubuntu/esm-infra-legacy/trusty | |
| Php5 | Ubuntu/trusty/esm | |
| Php5 | Ubuntu/trusty | end of standard support |
| Php5 | Ubuntu/upstream | TBD |
| Php7.0 | Ubuntu/upstream | TBD |
| Php7.0 | Ubuntu/xenial | end of standard support |
| Php7.0 | Ubuntu/esm-infra/xenial | 7.0.33-0ubuntu0.16.04.16+esm5 |