CVE-2022-31625
Freeing unallocated memory in php_pgsql_free_params()In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
We have discovered 252,271 live websites that are affected by CVE-2022-31625.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Domains | 252,271 live websites (3.46% of PHP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 55 versions ( 11% of all versions) |
Common Weakness Enumeration
CWE-590 Free of Memory not on the HeapDetails
- Published - Jun 16, 2022
- Updated - Sep 16, 2024
Credits
- c dot fol at ambionics dot io
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2022-31625 United States | 42,222 websites |
 France | 112,038 websites |
 Russia | 10,171 websites |
 Germany | 9,000 websites |
 Japan | 6,885 websites |
 Brazil | 5,902 websites |
 Poland | 5,643 websites |
 Netherlands | 5,101 websites |
 China | 5,099 websites |
 Italy | 4,987 websites |
Website Distribution by TLD
Number of websites using CVE-2022-31625| .com | 98,019 websites |
| .fr | 46,872 websites |
| .org | 10,659 websites |
| .ru | 8,897 websites |
| .net | 7,369 websites |
| .be | 5,690 websites |
| .de | 5,371 websites |
| .pl | 5,357 websites |
| .it | 5,049 websites |
| .com.br | 5,034 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2022-31625
Top websites that are affected by CVE-2022-31625. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.pl | Poland | *,*** | |
| *********.org | United States | *,*** | |
| **********.org | United States | *,*** | |
| ******.com | France | *,*** | |
| *******.pro | Russia | *,*** | |
| ****.**********.***.uk |  GB | *,*** | |
| ***************.com |  Singapore | *,*** | |
| ******.at |  Austria | *,*** | |
| ******.com | France | *,*** | |
| **.***.ca |  Canada | **,*** |
FAQ
CVE-2022-31625 is Free of Memory not on the Heap in PHP
A total of 252,271 websites have been identified as vulnerable to CVE-2022-31625, based on global website indexing conducted by WebTechSurvey.
The PHP is affected by the CVE-2022-31625 vulnerability.
PHP versions up to 8.1.7 are vulnerable to CVE-2022-31625.
CVE-2022-31625 is resolved in version 8.1.7 of PHP.
References
- https://bugs.php.net/bug.php?id=81720
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/
- https://www.debian.org/security/2022/dsa-5179
- https://security.netapp.com/advisory/ntap-20220722-0005/
- https://security.gentoo.org/glsa/202209-20
- https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html