Site icon API Security Blog

Ubuntu 18.04 LTS : PHP regression (USN-5479-3)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5479-3 advisory.

– In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. (CVE-2022-31625)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More

Exit mobile version