CVE-2022-31626


mysqlnd/pdo password buffer overflow

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when the pdo_mysql extension is used with the mysqlnd driver and a third party is allowed to supply the host to connect to and the password for the connection, a password of excessive length can trigger a buffer overflow in PHP, which can lead to remote code execution.



We have discovered 945,201 live websites that are affected by CVE-2022-31626.





Affected Software

Product  PHP
Category Programming Languages
Vulnerable Versions
  • from 7.4 before 7.4.30
  • from 8 before 8.0.20
  • from 8.1 before 8.1.7
Total Vulnerable Versions  507
Vulnerable Domains  945,201 live websites (7.81% of PHP install base)


Common Weakness Enumeration


CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')


Distribution by Website Rank

The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-31626 and the relative popularity of websites


Details

  • Published - Jun 6, 2022
  • Updated - Dec 15, 2022

Credits

  • c dot fol at ambionics dot io





Countries

United States  352,863 websites
France  216,270 websites
Russia  39,986 websites
Germany  26,510 websites
Japan  22,514 websites
GB  21,933 websites
Canada  20,833 websites
Italy  17,962 websites
Netherlands  17,537 websites
Poland  16,851 websites

TLDs

.com  462,148 websites
.fr  97,275 websites
.org  55,193 websites
.ru  33,104 websites
.net  28,608 websites
.de  15,737 websites
.it  13,861 websites
.com.br  13,479 websites
.nl  13,436 websites
.pl  13,135 websites


Geographical Distribution

The distribution of websites across the globe that are exposed to CVE-2022-31626 through included software libraries and plugins.



Websites affected by CVE-2022-31626

Top websites that are affected by CVE-2022-31626.