CVE-2022-31628

Updated: 2022-11-22 19:49:38.28732

Description:

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress gzip "quine" files, resulting in an infinite loop.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| Version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | MEDIUM | 5.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| EL 6 PHP | php | 5.3 | 5.5 | MEDIUM | Released | CLSA-2022:1668724374 | 2022-11-17 20:16:23 |
| EL 6 PHP | php | 7.1 | 5.5 | MEDIUM | Released | CLSA-2022:1668726567 | 2022-11-17 20:16:23 |
| EL 6 PHP | php | 5.6 | 5.5 | MEDIUM | Released | CLSA-2022:1668725481 | 2022-11-17 20:16:23 |
| EL 6 PHP | php | 5.2 | 5.5 | MEDIUM | Released | CLSA-2022:1668724026 | 2022-11-17 20:16:23 |
| EL 6 PHP | php | 7.3 | 5.5 | MEDIUM | Released | CLSA-2022:1668727418 | 2022-11-17 20:16:23 |
| EL 6 PHP | php | 7.2 | 5.5 | MEDIUM | Released | CLSA-2022:1668727005 | 2022-11-17 20:16:23 |
| EL 6 PHP | php | 7.0 | 5.5 | MEDIUM | Released | CLSA-2022:1668725884 | 2022-11-17 20:16:23 |
| EL 6 PHP | php | 5.4 | 5.5 | MEDIUM | Released | CLSA-2022:1668724734 | 2022-11-17 20:16:23 |
| EL 6 PHP | php | 5.5 | 5.5 | MEDIUM | Released | CLSA-2022:1668725133 | 2022-11-17 20:16:23 |
| EL 6 PHP | php | 5.1 | 5.5 | MEDIUM | Not Vulnerable | | 2022-11-08 13:02:01 |
Total: 70

Statement

Will not fix: low score