CVE-2022-31631 Affecting php-pecl-apcu package, versions <0:5.1.18-1.module+el8.3.0+7685+72d70b58


Severity

Recommended
medium

Based on Oracle Linux security rating.

Threat Intelligence

EPSS
0.04% (12th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ORACLE8-PHPPECLAPCU-3329857
  • published23 Feb 2023
  • disclosed12 Feb 2025

Introduced: 23 Feb 2023

CVE-2022-31631  (opens in a new tab)

How to fix?

Upgrade Oracle:8 php-pecl-apcu to version 0:5.1.18-1.module+el8.3.0+7685+72d70b58 or higher.
This issue was patched in ELSA-2023-2903.

NVD Description

Note: Versions mentioned in the description apply only to the upstream php-pecl-apcu package and not the php-pecl-apcu package as distributed by Oracle. See How to fix? for Oracle:8 relevant fixed versions and status.

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.

CVSS Scores

version 3.1