PHP PostgreSQL Extensions Error Handling Vulnerability Leading to Crashes

Vulnerability

A vulnerability exists in the PHP PostgreSQL extensions (pgsql and pdo_pgsql) in versions 8.1.* prior to 8.1.33, 8.2.* prior to 8.2.29, 8.3.* prior to 8.3.23, and 8.4.* through 8.4.9. The issue arises because the extensions' escaping functions do not check for errors returned by the underlying quoting functions. This oversight could lead to crashes if the PostgreSQL server rejects the string as invalid. The same missing error check could also allow SQL injection attacks.

Impact

The vulnerability could cause crashes due to null pointer dereferences: because the error is never checked, an invalid string is processed as if it had been escaped successfully. This could lead to undefined behavior in some cases. Furthermore, the inadequate error checking in the escaping functions could create opportunities for SQL injection, since a string that was not properly escaped might still be used to build an SQL query.

Remediation

Users can upgrade to PHP versions 8.1.33, 8.2.29, 8.3.23, or 8.4.10 to address this vulnerability.
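As an added example (not code from the advisory or from the PHP project), a small Python triage helper that encodes the affected and fixed versions stated above and flags hosts in a constructed inventory that run an affected PHP with pgsql or pdo_pgsql loaded. The host names, the inventory format and the handling of distribution version suffixes are assumptions.

```python
import re
from typing import Optional

# From the advisory: first fixed patch release per affected PHP branch
# (8.1.33, 8.2.29, 8.3.23, 8.4.10); earlier releases on that branch are affected.
FIRST_FIXED_PATCH = {(8, 1): 33, (8, 2): 29, (8, 3): 23, (8, 4): 10}
# Extensions whose escaping functions skip the error check.
AFFECTED_EXTENSIONS = {"pgsql", "pdo_pgsql"}

def parse_version(version: str) -> Optional[tuple]:
    """(major, minor, patch) from a PHP version string, ignoring packaging
    suffixes such as '8.3.22-1+ubuntu22.04'; None if not parseable."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version.strip())
    return tuple(int(x) for x in m.groups()) if m else None

def is_affected_version(version: str) -> Optional[bool]:
    """True if the release predates the fix on its branch, False if fixed, None if
    unparseable or on a branch the advisory does not cover (review manually)."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    major, minor, patch = parsed
    fixed = FIRST_FIXED_PATCH.get((major, minor))
    return None if fixed is None else patch < fixed

def triage(inventory: list) -> list:
    """(host, action) pairs for hosts with pgsql/pdo_pgsql loaded that run an
    affected PHP, or whose status cannot be decided from the advisory."""
    actions = []
    for entry in inventory:  # entry: {"host": str, "php": str, "extensions": [str]}
        loaded = AFFECTED_EXTENSIONS & set(entry.get("extensions", []))
        if not loaded:
            continue  # the defective escaping functions are not even loaded
        affected = is_affected_version(entry["php"])
        if affected is None:
            actions.append((entry["host"], "review manually"))
        elif affected:
            actions.append((entry["host"], "upgrade: " + ", ".join(sorted(loaded))))
    return actions

# Constructed sample inventory (hypothetical hosts, not data from the advisory).
SAMPLE_INVENTORY = [
    {"host": "web-01", "php": "8.3.22-1+ubuntu22.04", "extensions": ["pgsql", "mbstring"]},
    {"host": "web-02", "php": "8.3.23", "extensions": ["pdo_pgsql"]},
    {"host": "api-01", "php": "8.4.9", "extensions": ["pdo_pgsql", "pgsql"]},
    {"host": "legacy-01", "php": "8.0.30", "extensions": ["pgsql"]},
    {"host": "db-proxy", "php": "8.2.28", "extensions": ["pdo_mysql"]},
]
```

Hosts on a branch the advisory does not list (such as 8.0.*) are reported for manual review rather than assumed safe.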

Added: Jul 13, 2025, 11:21 PM
Updated: Jul 13, 2025, 11:21 PM

Vulnerability Rating

Custom Algorithm
spread: 9.4
impact: 2.5
exploitability: 7.6
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.