Lucene search
Ubuntu.comUB:CVE-2022-31628HistorySep 28, 2022 - 12:00 a.m.
CVE-2022-31628
2022-09-2800:00:00
ubuntu.com
ubuntu.com
20
0.0005 Low
EPSS
Percentile
17.7%
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor
code would recursively uncompress “quines” gzip files, resulting in an
infinite loop.
Notes
| Author | Note |
|---|---|
| sbeattie | PEAR issues should go against php-pear as of xenial |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 14.04 | noarch | php5 | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | php7.0 | < 7.0.33-0ubuntu0.16.04.16+esm5 | UNKNOWN |
| ubuntu | 18.04 | noarch | php7.2 | < 7.2.24-0ubuntu0.18.04.15 | UNKNOWN |
| ubuntu | 20.04 | noarch | php7.4 | < 7.4.3-4ubuntu2.15 | UNKNOWN |
| ubuntu | 22.04 | noarch | php8.1 | < 8.1.2-1ubuntu2.8 | UNKNOWN |
| ubuntu | 22.10 | noarch | php8.1 | < 8.1.7-1ubuntu3.1 | UNKNOWN |
| ubuntu | 23.04 | noarch | php8.1 | < 8.1.12-1ubuntu2 | UNKNOWN |
References
bugs.php.net/bug.php?id=81726
github.com/php/php-src/commit/404e8bdb68350931176a5bdc86fc417b34fb583d
github.com/php/php-src/commit/432bf196d59bcb661fcf9cb7029cea9b43f490af
launchpad.net/bugs/cve/CVE-2022-31628
nvd.nist.gov/vuln/detail/CVE-2022-31628
security-tracker.debian.org/tracker/CVE-2022-31628
ubuntu.com/security/notices/USN-5717-1
ubuntu.com/security/notices/USN-5905-1
www.cve.org/CVERecord?id=CVE-2022-31628
Related
cnvd
cnvd
PHP Denial of Service Vulnerability
2022-09-30 00:00:00
prion
prion
Code injection
2022-09-28 23:15:00
osv
osv
BIT-php-2022-31628
2024-03-06 11:03:52
CVE-2022-31628
2022-09-28 23:15:09
Moderate: php:8.1 security update
2023-05-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-09-30 11:08:30
redhatcve
redhatcve
CVE-2022-31628
2022-10-13 14:29:46
debiancve
debiancve
CVE-2022-31628
2022-09-28 23:15:00
cvelist
cvelist
CVE-2022-31628 phar wrapper can occur dos when using quine gzip file
2022-09-27 00:00:00
alpinelinux
alpinelinux
CVE-2022-31628
2022-09-28 23:15:00
cve
cve
CVE-2022-31628
2022-09-28 23:15:00
cbl_mariner
cbl_mariner
CVE-2022-31628 affecting package php 7.4.14-3
2024-06-02 15:22:43
openvas
openvas
Fedora: Security Advisory for php (FEDORA-2022-0b77fbd9e7)
2022-10-07 00:00:00
Mageia: Security Advisory (MGASA-2022-0362)
2022-10-10 00:00:00
Slackware: Security Advisory (SSA:2022-273-02)
2022-10-03 00:00:00
nessus
nessus
PHP 8.1.x < 8.1.11 Multiple Vulnerabilities
2022-09-29 00:00:00
Fedora 36 : php (2022-0b77fbd9e7)
2022-12-23 00:00:00
PHP 8.0.x < 8.0.24 Multiple Vulnerabilities
2022-10-02 00:00:00
mageia
mageia
Updated php packages fix security vulnerability
2022-10-08 23:22:22
slackware
slackware
[slackware-security] php
2022-09-30 18:00:43
altlinux
altlinux
Security fix for the ALT Linux 10 package php8.2 version 8.1.11-alt1
2022-09-30 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 8.1.11-alt1
2022-10-11 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: php-8.0.24-1.fc35
2022-10-07 13:13:29
[SECURITY] Fedora 36 Update: php-8.1.11-1.fc36
2022-10-06 15:15:28
[SECURITY] Fedora 37 Update: php-8.1.12-1.fc37
2022-11-10 22:53:48
gentoo
gentoo
PHP: Multiple Vulnerabilities
2022-11-19 00:00:00
debian
debian
[SECURITY] [DSA 5277-1] php7.4 security update
2022-11-13 18:52:43
almalinux
almalinux
Moderate: php:8.1 security update
2023-05-09 00:00:00
Moderate: php:8.0 security update
2023-02-21 00:00:00
Moderate: php security update
2023-02-28 00:00:00
rocky
rocky
php security update
2023-04-06 15:53:36
php:8.0 security update
2023-02-22 01:08:53
redhat
redhat
(RHSA-2023:2417) Moderate: php:8.1 security update
2023-05-09 05:10:10
(RHSA-2023:2903) Moderate: php:7.4 security update
2023-05-16 05:57:44
(RHSA-2023:0965) Moderate: php security update
2023-02-28 07:53:30
oraclelinux
oraclelinux
php:7.4 security update
2023-05-24 00:00:00
php security update
2023-02-28 00:00:00
8.1 security update
2023-05-15 00:00:00
ibm
ibm
hp
hp
HP Device Manager Security Updates
2023-04-13 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00