CVE-2022-31628

Updated: 2023-03-10 12:28:07.061403

Description:

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quine" gzip files, resulting in an infinite loop.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | MEDIUM | 5.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | php | 5.3.3 | 5.5 | MEDIUM | Ignored | | 2022-09-29 17:02:31 |
| CentOS 8.4 ELS | php | 7.4.6 | 5.5 | MEDIUM | Ignored | | 2023-03-16 05:06:40 |
| CentOS 8.5 ELS | php | 7.4.19 | 5.5 | MEDIUM | Ignored | | 2023-03-16 05:06:40 |
| CloudLinux 6 ELS | php | 5.3.3 | 5.5 | MEDIUM | Ignored | | 2022-09-29 17:02:30 |
| Oracle Linux 6 ELS | php | 5.3.3 | 5.5 | MEDIUM | Ignored | | 2022-09-29 17:02:32 |
| Ubuntu 16.04 ELS | php | 7.0.33 | 5.5 | MEDIUM | Released | CLSA-2023:1679944242 | 2023-03-27 17:07:04 |
| Ubuntu 18.04 ELS | php | 7.2.24-0 | 5.5 | MEDIUM | Needs Triage | | 2023-03-06 07:38:17 |