Описание
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of service condition.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | php | Out of support scope | ||
| Red Hat Enterprise Linux 7 | php | Out of support scope | ||
| Red Hat Software Collections | rh-php73-php | Fix deferred | ||
| Red Hat Enterprise Linux 8 | php | Fixed | RHSA-2023:0848 | 21.02.2023 |
| Red Hat Enterprise Linux 8 | php | Fixed | RHSA-2023:2903 | 16.05.2023 |
| Red Hat Enterprise Linux 9 | php | Fixed | RHSA-2023:0965 | 28.02.2023 |
| Red Hat Enterprise Linux 9 | php | Fixed | RHSA-2023:2417 | 09.05.2023 |
Показывать по
Дополнительная информация
Статус:
4.4 Medium
CVSS3
Связанные уязвимости
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompresso ...
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
Уязвимость языка программирования PHP, связанная с выполнением цикла с недоступным условием выхода, позволяющая нарушителю вызвать отказ в обслуживании
4.4 Medium
CVSS3