CVE-2022-31627

Updated: 2024-11-30 03:48:21.985172

Description:

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x CRITICAL 9.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS php 5.3.3 9.8 CRITICAL Not Vulnerable 2022-08-05 17:01:26
CentOS 7 ELS php 5.4.16 9.8 CRITICAL Not Vulnerable 2024-01-22 08:40:42
CentOS 8.4 ELS php 7.4.6 9.8 CRITICAL Not Vulnerable 2022-08-05 17:01:26
CentOS 8.5 ELS php 7.4.19 9.8 CRITICAL Not Vulnerable 2022-08-05 17:01:26
CloudLinux 6 ELS php 5.3.3 9.8 CRITICAL Not Vulnerable 2022-08-05 17:01:26
Oracle Linux 6 ELS php 5.3.3 9.8 CRITICAL Not Vulnerable 2022-08-05 17:01:26
Ubuntu 16.04 ELS php 7.0.33 9.8 CRITICAL Not Vulnerable 2022-08-05 17:01:26
Ubuntu 18.04 ELS php 7.2.24-0 9.8 CRITICAL Not Vulnerable 2023-05-30 08:57:32