← Zuruck zu CVEs
CVE-2022-31628
LOW2.3
Beschreibung
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
CVE Details
CVSS v3.1 Bewertung2.3
SchweregradLOW
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht9/28/2022
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
debian:debian_linuxfedoraproject:fedoraphp:php
Schwachen (CWE)
CWE-674CWE-835
Referenzen
https://bugs.php.net/bug.php?id=81726(security@php.net)
https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html(security@php.net)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/(security@php.net)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/(security@php.net)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/(security@php.net)
https://security.gentoo.org/glsa/202211-03(security@php.net)
https://security.netapp.com/advisory/ntap-20221209-0001/(security@php.net)
https://www.debian.org/security/2022/dsa-5277(security@php.net)
https://bugs.php.net/bug.php?id=81726(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202211-03(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20221209-0001/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5277(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.