CVE-2022-31628

Summary

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

Affected Software

VendorProductVersion RangeStatus
PHP GroupPHP7.4.X < 7.4.31affected
PHP GroupPHP8.0.X < 8.0.24affected
PHP GroupPHP8.1.X < 8.1.11affected

Weaknesses

  • CWE-674: CWE-674 Uncontrolled Recursion

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References