Red Hat: CVE-2022-31631: quote() may return unquoted string due to an integer overflow (Multiple Advisories)

Red Hat: CVE-2022-31631: quote() may return unquoted string due to an integer overflow (Multiple Advisories)

Severity

4

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

02/21/2023

Created

02/22/2023

Added

02/22/2023

Modified

02/14/2025

Description

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.

Solution(s)

• redhat-upgrade-apcu-panel
• redhat-upgrade-libzip
• redhat-upgrade-libzip-debuginfo
• redhat-upgrade-libzip-debugsource
• redhat-upgrade-libzip-devel
• redhat-upgrade-libzip-tools
• redhat-upgrade-libzip-tools-debuginfo
• redhat-upgrade-php
• redhat-upgrade-php-bcmath
• redhat-upgrade-php-bcmath-debuginfo
• redhat-upgrade-php-cli
• redhat-upgrade-php-cli-debuginfo
• redhat-upgrade-php-common
• redhat-upgrade-php-common-debuginfo
• redhat-upgrade-php-dba
• redhat-upgrade-php-dba-debuginfo
• redhat-upgrade-php-dbg
• redhat-upgrade-php-dbg-debuginfo
• redhat-upgrade-php-debuginfo
• redhat-upgrade-php-debugsource
• redhat-upgrade-php-devel
• redhat-upgrade-php-embedded
• redhat-upgrade-php-embedded-debuginfo
• redhat-upgrade-php-enchant
• redhat-upgrade-php-enchant-debuginfo
• redhat-upgrade-php-ffi
• redhat-upgrade-php-ffi-debuginfo
• redhat-upgrade-php-fpm
• redhat-upgrade-php-fpm-debuginfo
• redhat-upgrade-php-gd
• redhat-upgrade-php-gd-debuginfo
• redhat-upgrade-php-gmp
• redhat-upgrade-php-gmp-debuginfo
• redhat-upgrade-php-intl
• redhat-upgrade-php-intl-debuginfo
• redhat-upgrade-php-json
• redhat-upgrade-php-json-debuginfo
• redhat-upgrade-php-ldap
• redhat-upgrade-php-ldap-debuginfo
• redhat-upgrade-php-mbstring
• redhat-upgrade-php-mbstring-debuginfo
• redhat-upgrade-php-mysqlnd
• redhat-upgrade-php-mysqlnd-debuginfo
• redhat-upgrade-php-odbc
• redhat-upgrade-php-odbc-debuginfo
• redhat-upgrade-php-opcache
• redhat-upgrade-php-opcache-debuginfo
• redhat-upgrade-php-pdo
• redhat-upgrade-php-pdo-debuginfo
• redhat-upgrade-php-pear
• redhat-upgrade-php-pecl-apcu
• redhat-upgrade-php-pecl-apcu-debuginfo
• redhat-upgrade-php-pecl-apcu-debugsource
• redhat-upgrade-php-pecl-apcu-devel
• redhat-upgrade-php-pecl-rrd
• redhat-upgrade-php-pecl-rrd-debuginfo
• redhat-upgrade-php-pecl-rrd-debugsource
• redhat-upgrade-php-pecl-xdebug
• redhat-upgrade-php-pecl-xdebug-debuginfo
• redhat-upgrade-php-pecl-xdebug-debugsource
• redhat-upgrade-php-pecl-xdebug3
• redhat-upgrade-php-pecl-xdebug3-debuginfo
• redhat-upgrade-php-pecl-xdebug3-debugsource
• redhat-upgrade-php-pecl-zip
• redhat-upgrade-php-pecl-zip-debuginfo
• redhat-upgrade-php-pecl-zip-debugsource
• redhat-upgrade-php-pgsql
• redhat-upgrade-php-pgsql-debuginfo
• redhat-upgrade-php-process
• redhat-upgrade-php-process-debuginfo
• redhat-upgrade-php-snmp
• redhat-upgrade-php-snmp-debuginfo
• redhat-upgrade-php-soap
• redhat-upgrade-php-soap-debuginfo
• redhat-upgrade-php-xml
• redhat-upgrade-php-xml-debuginfo
• redhat-upgrade-php-xmlrpc
• redhat-upgrade-php-xmlrpc-debuginfo

References

• CVE-2022-31631
• RHSA-2023:0848
• RHSA-2023:0965
• RHSA-2023:2417
• RHSA-2023:2903