CVE-2022-31628

Опубликовано: 28 сент. 2022

Источник: debian

Описание

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

Пакеты

Пакет	Статус	Версия исправления	Тип
php8.1	fixed	8.1.12-1	package
php7.4	removed		package
php7.3	removed		package

Примечания

Fixed in 8.1.11, 7.4.32
PHP Bug: https://bugs.php.net/bug.php?id=81726
https://github.com/php/php-src/commit/404e8bdb68350931176a5bdc86fc417b34fb583d
https://github.com/php/php-src/commit/432bf196d59bcb661fcf9cb7029cea9b43f490af

Связанные уязвимости

CVE-2022-31628

CVSS3: 2.3

ubuntu

больше 3 лет назад

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

CVE-2022-31628

CVSS3: 4.4

redhat

больше 3 лет назад

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

CVE-2022-31628

CVSS3: 2.3

nvd

больше 3 лет назад

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

CVE-2022-31628

CVSS3: 2.3

msrc

4 месяца назад

phar wrapper can occur dos when using quine gzip file

GHSA-cj46-35hf-rv96

CVSS3: 5.5

github

больше 3 лет назад

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.