CVE-2022-31626 Information

Description

In PHP versions 7.4.x below 7.4.30 8.0.x below 8.0.20 and 8.1.x below 8.1.7 when pdo_mysql extension with mysqlnd driver if the third party is allowed to supply host to connect to and the password for the connection password of excessive length can trigger a buffer overflow in PHP which can lead to a remote code execution vulnerability.

Reference

https://bugs.php.net/bug.php?id=81719