CVE-2022-31625
Freeing unallocated memory in php_pgsql_free_params()
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
We have discovered 945,201 live websites that are affected by CVE-2022-31625.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 945,201 live websites (7.81% of PHP install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-31625 and the relative popularity of websitesDetails
- Published - Jun 6, 2022
- Updated - Dec 15, 2022
Credits
- c dot fol at ambionics dot io
CWE
CVE References
CWE References
Countries
 United States | 352,863 websites |
 France | 216,270 websites |
 Russia | 39,986 websites |
 Germany | 26,510 websites |
 Japan | 22,514 websites |
 GB | 21,933 websites |
 Canada | 20,833 websites |
 Italy | 17,962 websites |
 Netherlands | 17,537 websites |
 Poland | 16,851 websites |
TLDs
| .com | 462,148 websites |
| .fr | 97,275 websites |
| .org | 55,193 websites |
| .ru | 33,104 websites |
| .net | 28,608 websites |
| .de | 15,737 websites |
| .it | 13,861 websites |
| .com.br | 13,479 websites |
| .nl | 13,436 websites |
| .pl | 13,135 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2022-31625 through included software libraries and plugins.References
- https://bugs.php.net/bug.php?id=81720
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/
- https://www.debian.org/security/2022/dsa-5179
- https://security.netapp.com/advisory/ntap-20220722-0005/
- https://security.gentoo.org/glsa/202209-20
- https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html
Websites affected by CVE-2022-31625
Top websites that are affected by CVE-2022-31625. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.*****.pl | Poland | *,*** | |
| ***.*****.pm |  Saint Pierreand Miquelon | *,*** | |
| *******.com | Germany | *,*** | |
| ****.org | GB | *,*** | |
| ***************.org | United States | *,*** | |
| **********.org | United States | *,*** | |
| ******.org | United States | *,*** | |
| ***.**********.org | United States | *,*** | |
| ******.com | France | *,*** | |
| **********.com | France | *,*** |