Oracle Linux 8 : php:7.4 (ELSA-2022-6158)
Discription
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-6158 advisory.
– In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. (CVE-2022-31625)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More
References
Back to Main