In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when the pdo_mysql extension is used with the mysqlnd driver and a third party is allowed to supply both the host to connect to and the password for the connection, a password of excessive length can trigger a buffer overflow in PHP, which can lead to remote code execution.
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
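
The weakness described above, shown as an added example that is a simplified model and not code from PHP or mysqlnd: an unchecked copy of a caller-supplied password into a fixed-size packet buffer, next to a bounds-checked version. The function names, `HDR_LEN`, `PKT_CAP` and the header layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_LEN 4   /* assumed framing header size for this model */
#define PKT_CAP 64  /* assumed fixed output buffer size for this model */

/* Write the assumed header: 3-byte little-endian length + 1 sequence byte. */
static void write_header(uint8_t *out, size_t payload_len)
{
    out[0] = (uint8_t)(payload_len & 0xff);
    out[1] = (uint8_t)((payload_len >> 8) & 0xff);
    out[2] = (uint8_t)((payload_len >> 16) & 0xff);
    out[3] = 0;
}

/* Unchecked pattern, shown for contrast only: pw_len is trusted, so any
 * pw_len > PKT_CAP - HDR_LEN makes memcpy write past the end of out. */
size_t build_packet_unchecked(uint8_t out[PKT_CAP],
                              const uint8_t *pw, size_t pw_len)
{
    write_header(out, pw_len);
    memcpy(out + HDR_LEN, pw, pw_len);  /* no comparison against PKT_CAP */
    return HDR_LEN + pw_len;
}

/* Bounds-checked pattern: returns the packet length, or 0 when the
 * password plus header does not fit in the output buffer. */
size_t build_packet_checked(uint8_t *out, size_t out_cap,
                            const uint8_t *pw, size_t pw_len)
{
    if (out == NULL || (pw == NULL && pw_len != 0))
        return 0;
    /* Compare by subtraction so HDR_LEN + pw_len can never wrap around. */
    if (out_cap < HDR_LEN || pw_len > out_cap - HDR_LEN)
        return 0;
    write_header(out, pw_len);
    if (pw_len != 0)
        memcpy(out + HDR_LEN, pw, pw_len);
    return HDR_LEN + pw_len;
}
```

The check has to account for everything written to the destination (header plus payload), not only the payload length.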
Link | Tags |
---|---|
https://bugs.php.net/bug.php?id=81719 | issue tracking, mailing list, patch, vendor advisory, exploit |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/ | vendor advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/ | vendor advisory |
https://www.debian.org/security/2022/dsa-5179 | third party advisory, vendor advisory |
https://security.netapp.com/advisory/ntap-20220722-0005/ | third party advisory |
https://security.gentoo.org/glsa/202209-20 | third party advisory, vendor advisory |
https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html | third party advisory, mailing list |