CVE-2022-31628

Updated: 2024-11-23 03:35:46.060383

Description:

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS Version | Severity | Score |
|---|---|---|
| 2.x | | 0 |
| 3.x | MEDIUM | 5.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | php | 5.3.3 | 5.5 | MEDIUM | Ignored | | 2022-09-29 17:02:31 | |
| CentOS 7 ELS | php | 5.4.16 | 5.5 | MEDIUM | Ignored | | 2024-01-21 08:36:31 | |
| CentOS 8.4 ELS | php | 7.4.6 | 5.5 | MEDIUM | Released | CLSA-2023:1686859492 | 2023-06-15 17:08:38 | |
| CentOS 8.5 ELS | php | 7.4.19 | 5.5 | MEDIUM | Released | CLSA-2023:1686858853 | 2023-06-15 17:08:39 | |
| CloudLinux 6 ELS | php | 5.3.3 | 5.5 | MEDIUM | Ignored | | 2022-09-29 17:02:30 | |
| Oracle Linux 6 ELS | php | 5.3.3 | 5.5 | MEDIUM | Ignored | | 2022-09-29 17:02:32 | |
| Ubuntu 16.04 ELS | php | 7.0.33 | 5.5 | MEDIUM | Released | CLSA-2023:1679944242 | 2023-03-27 17:07:04 | |
| Ubuntu 18.04 ELS | php | 7.2.24-0 | 5.5 | MEDIUM | Already Fixed | | 2023-07-04 17:06:48 | |