Parameter sniffing is a security feature in most modern programming languages that prevents accidental access to uninitialized data by checking the type of each variable when it is accessed. In PHP versions below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, this safety feature may be circumvented by supplying invalid parameters that lead to PHP attempting to free memory using uninitialized data as pointers. Any user with access to the SQL database or a remote attacker with access to the server who can perform SQL injection can exploit this issue. This issue was addressed in PHP 7.4.30, 8.0.20, and 8.1.7 by limiting the amount of memory that can be allocated or by changing the way invalid parameters are handled.
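
A version triage for the ranges stated above, as an added example (not code from PHP or from this page). The host names and version strings are constructed, and the `needs_review` state rests on the assumption that distribution packages may backport a fix without changing the upstream version number.

```python
import re

# First fixed release per branch, taken from the version ranges on this page.
FIXED = {(7, 4): 30, (8, 0): 20, (8, 1): 7}

# Accepts a bare version ("8.0.20") or a `php -v` banner ("PHP 8.0.20 (cli) ...").
_VERSION_RE = re.compile(r"^(?:PHP )?(\d+)\.(\d+)\.(\d+)")


def classify(reported):
    """Return 'affected', 'needs_review', 'not_affected' or 'unknown'."""
    text = reported.strip()
    m = _VERSION_RE.match(text)
    if m is None:
        return "unknown"  # not a PHP version string; do not guess
    version = tuple(int(part) for part in m.groups())
    branch, patch = version[:2], version[2]
    if branch in FIXED:
        below_fix = patch < FIXED[branch]
    else:
        # The page says "versions below 7.4.30", so older branches are flagged.
        below_fix = version < (7, 4, 30)
    if not below_fix:
        return "not_affected"
    # Assumption: a suffix such as "-1ubuntu2.14" marks a distribution build,
    # which may carry a backported fix; the upstream number is inconclusive.
    if text[m.end():m.end() + 1] in ("-", "+", "~"):
        return "needs_review"
    return "affected"


# Constructed inventory: host name -> version string collected from the host.
INVENTORY = {
    "web-01": "PHP 7.4.29 (cli) (built: Apr 14 2022 10:00:00) ( NTS )",
    "web-02": "8.0.20",
    "web-03": "PHP 8.1.2-1ubuntu2.14 (cli)",
    "web-04": "PHP 7.2.34 (cli)",
    "web-05": "8.2.1",
    "web-06": "n/a",
}


def triage(inventory):
    """Map every host to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, state in triage(INVENTORY).items():
        print(f"{host}: {state}")
```

Hosts reported as `needs_review` should be checked against the distribution's own security tracker rather than the upstream version number.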

SQL Injection Vulnerability

In the past, these features were implemented to prevent a malicious user from accessing uninitialized data. In some cases, this can also be used as a means to exploit a SQL injection vulnerability.

Timeline

Published on: 06/16/2022 06:15:00 UTC
Last modified on: 08/18/2022 13:11:00 UTC

References