CVE-2022-31626
published 2022-06-16CVE-2022-31626: In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to…
PriorityP270high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
58.38%
99.0th percentile
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | php7.4 | < php7.4 7.4.30-1+deb11u1 (bullseye) | php7.4 7.4.30-1+deb11u1 (bullseye) |
| msrc | cbl2_php_on_cbl_mariner_2.0 | — | — |
| paloalto | pan-os | — | — |
| php | php | >= 7.4.0 < 7.4.30 | 7.4.30 |
| php | php | >= 8.0.0 < 8.0.20 | 8.0.20 |
| php | php | >= 8.1.0 < 8.1.7 | 8.1.7 |
| php_group | php | >= 7.4.X < 7.4.30 | 7.4.30 |
| php_group | php | >= 8.0.X < 8.0.20 | 8.0.20 |
| php_group | php | >= 8.1.X < 8.1.7 | 8.1.7 |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is triggered via pdo_mysql extension using the mysqlnd driver when a third party supplies an excessively long password — monitor for abnormally long password strings passed through PDO MySQL connections ↗
- →The buffer overflow occurs specifically in mysqlnd_wireprotocol.c within the mysqlnd/pdo code path — focus code review and runtime monitoring on this file/component ↗
- ·Only PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7 are affected; versions outside these ranges are not vulnerable ↗
- ·Vulnerability is only exploitable when the pdo_mysql extension is loaded with the mysqlnd driver (not libmysqlclient); verify driver in use before assessing exposure ↗
- ·Exploitation requires the attacker to control both the MySQL host and the password supplied to the connection — applications that do not expose these parameters to untrusted input are not at risk ↗
- ·Red Hat Enterprise Linux 6 and 7 ship a version of php that is marked Not Affected for this CVE ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
osv8.8HIGH
vendor_ubuntu8.1HIGH
vendor_debian7.5HIGH
vendor_msrc7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
php7.2 regression
osv·2022-07-07·CVSS 8.1
CVE-2022-31625 [HIGH] php7.2 regression
php7.2 regression
USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for
CVE-2022-31625 was incomplete for Ubuntu 18.04 LTS. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
Charles Fol discovered that PHP incorrectly handled initializing certain
arrays when handling the pg_query_params function. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-31625)
Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2022-31626)
OSV
php7.0 vulnerabilities
osv·2022-07-04·CVSS 8.1
CVE-2022-31625 [HIGH] php7.0 vulnerabilities
php7.0 vulnerabilities
USN-5479-1 fixed vulnerabilities in PHP. This update provides the
corresponding updates for Ubuntu 16.04 ESM.
Original advisory details:
Charles Fol discovered that PHP incorrectly handled initializing certain
arrays when handling the pg_query_params function. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-31625)
Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2022-31626)
GHSA
GHSA-jfc6-9gw3-fhfg: In PHP versions 7
ghsa_unreviewed·2022-06-17
CVE-2022-31626 [HIGH] CWE-120 GHSA-jfc6-9gw3-fhfg: In PHP versions 7
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
OSV
CVE-2022-31626: In PHP versions 7
osv·2022-06-16·CVSS 8.8
CVE-2022-31626 [HIGH] CVE-2022-31626: In PHP versions 7
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
OSV
php7.2, php7.4, php8.0, php8.1 vulnerabilities
osv·2022-06-15·CVSS 8.1
CVE-2022-31625 [HIGH] php7.2, php7.4, php8.0, php8.1 vulnerabilities
php7.2, php7.4, php8.0, php8.1 vulnerabilities
Charles Fol discovered that PHP incorrectly handled initializing certain
arrays when handling the pg_query_params function. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-31625)
Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2022-31626)
CISA ICS
Festo Didactic SE MES PC
cisa_ics·2026-01-27·CVSS 7.5
[HIGH] Festo Didactic SE MES PC
ICS Advisory
##
Festo Didactic SE MES PC
Release DateJanuary 27, 2026
Alert CodeICSA-26-027-02
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## Summary
MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time to time, vulnerabilities in these applications are discovered. These are fixed in newer versions of XAMPP by updating the bundled applications. MES PCs shipped with Windows 10 include a copy of XAMPP which contains around 140 such vulnerabilities listed in this advisory. They can be fixed by replacing XAMPP with Festo Didactic's Factory Control Panel application.
The
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2024-02-14·CVSS 9.8
CVE-2017-18342 [CRITICAL] PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2017-18342, CVE-2017-8923, CVE-2017-9120, CVE-2019-1551, CVE-2019-16865, CVE-2019-16905, CVE-2019-19523, CVE-2019-19528, CVE-2019-19911, CVE-2020-0404, CVE-2020-0431, CVE-2020-0466, CVE-2020-10379, CVE-2020-11538, CVE-2020-11608, CVE-2020-12114, CVE-2020-12321, CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-13757, CVE-2020-14314, CVE-2020-14351, CVE-2020-15778, CVE-2020-1967, CVE-2020-24394, CVE-2020-24504, CVE-2020-25211, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25717, CVE-2020-26541, CVE-2020-2715
Ubuntu
PHP regression
vendor_ubuntu·2022-07-07·CVSS 8.1
CVE-2022-31625 [HIGH] PHP regression
Title: PHP regression
Summary: USN-5479-1 was incomplete and didn't properly fix one of the addressed
issues.
USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for
CVE-2022-31625 was incomplete for Ubuntu 18.04 LTS. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
Charles Fol discovered that PHP incorrectly handled initializing certain
arrays when handling the pg_query_params function. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-31625)
Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbi
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2022-07-04·CVSS 8.1
CVE-2022-31626 [HIGH] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
USN-5479-1 fixed vulnerabilities in PHP. This update provides the
corresponding updates for Ubuntu 16.04 ESM.
Original advisory details:
Charles Fol discovered that PHP incorrectly handled initializing certain
arrays when handling the pg_query_params function. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-31625)
Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2022-31626)
Instructions: In general, a standard system update will make all the necessary cha
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2022-06-15·CVSS 8.1
CVE-2022-31626 [HIGH] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
Charles Fol discovered that PHP incorrectly handled initializing certain
arrays when handling the pg_query_params function. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-31625)
Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2022-31626)
Instructions: In general, a standard system update will make all the necessary changes.
Microsoft
mysqlnd/pdo password buffer overflow
vendor_msrc·2022-06-14·CVSS 7.5
CVE-2022-31626 [HIGH] CWE-120 mysqlnd/pdo password buffer overflow
mysqlnd/pdo password buffer overflow
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
php: php
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/az
Red Hat
php: password of excessive length triggers buffer overflow leading to RCE
vendor_redhat·2022-05-16·CVSS 7.5
CVE-2022-31626 [HIGH] CWE-120 php: password of excessive length triggers buffer overflow leading to RCE
php: password of excessive length triggers buffer overflow leading to RCE
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
A buffer overflow vulnerability was found in PHP when processing passwords in mysqlnd/pdo in mysqlnd_wireprotocol.c. When using the pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply a MySQL database server password in the mysqlnd driver to the host for the connection, a password of excessive length can trigger a buffer overflow in PHP. This flaw
Debian
CVE-2022-31626: php7.4 - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, w...
vendor_debian·2022·CVSS 7.5
CVE-2022-31626 [HIGH] CVE-2022-31626: php7.4 - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, w...
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
Scope: local
bullseye: resolved (fixed in 7.4.30-1+deb11u1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugs.php.net/bug.php?id=81719https://lists.debian.org/debian-lts-announce/2022/12/msg00030.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/https://security.gentoo.org/glsa/202209-20https://security.netapp.com/advisory/ntap-20220722-0005/https://www.debian.org/security/2022/dsa-5179https://bugs.php.net/bug.php?id=81719https://lists.debian.org/debian-lts-announce/2022/12/msg00030.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/https://security.gentoo.org/glsa/202209-20https://security.netapp.com/advisory/ntap-20220722-0005/https://www.debian.org/security/2022/dsa-5179
2022-06-16
Published