Vulnerability CVE-2022-31628: Information
Description
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quine" gzip files, resulting in an infinite loop.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugs.php.net/bug.php?id=81726 | |
DSA-5277 | |
GLSA-202211-03 | |
https://security.netapp.com/advisory/ntap-20221209-0001/ | |
[debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update | |
FEDORA-2022-0b77fbd9e7 | |
FEDORA-2022-afdea1c747 | |
FEDORA-2022-f204e1d0ed | |