PHP 8.0.x < 8.0.20 Multiple Vulnerabilities

high Nessus Plugin ID 161991

Synopsis

The version PHP running on the remote web server is affected by multiple vulnerabilities.

Description

The version of PHP installed on the remote host is prior to 8.0.20. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.0.20 advisory.

- In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. (CVE-2022-31625)

- In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. (CVE-2022-31626)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to PHP version 8.0.20 or later.

See Also

http://bugs.php.net/81719

http://bugs.php.net/81720

http://php.net/ChangeLog-8.php#8.0.20

Plugin Details

Severity: High

ID: 161991

File Name: php_8_0_20.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 6/9/2022

Updated: 6/4/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-31625

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-31626

Vulnerability Information

CPE: cpe:/a:php:php

Required KB Items: www/PHP, installed_sw/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/9/2022

Vulnerability Publication Date: 6/9/2022

Reference Information

CVE: CVE-2022-31625, CVE-2022-31626