Nielsdos

**Name of the Vulnerable Software and Affected Versions** PHP versions 8.0.* before 8.0.30 PHP versions 8.1.* before 8.1.22 PHP versions 8.2.* before 8.2.8 **Description** The issue is caused by insufficient length checking when loading phar files, leading to a stack buffer overflow, which can result in memory corruption or remote code execution (RCE). This vulnerability was reportedly exploited by law enforcement agencies in Operation Cronos to compromise the LockBit ransomware group's infrastructure. The group claims that the vulnerability, specifically in PHP version 8.1.2, was used to gain access to their servers. It is estimated that over 2000 individuals and organizations have been affected by LockBit, with the group demanding over $91 million in ransom from American organizations alone. The vulnerability allows for RCE, which can enable attackers to execute arbitrary code on the affected system. **Recommendations** For PHP versions 8.0.* before 8.0.30, update to version 8.0.30 or later. For PHP versions 8.1.* before 8.1.22, update to version 8.1.22 or later. For PHP versions 8.2.* before 8.2.8, update to version 8.2.8 or later. As a temporary workaround, consider disabling the phar functionality until a patch is available. Restrict access to phar files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP versions 8.0.* through 8.0.28 PHP versions 8.1.* through 8.1.19 PHP versions 8.2.* through 8.2.6 **Description** The issue is related to the use of a random value generator with a narrower range of values than it should have when using SOAP HTTP Digest Authentication. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce. **Recommendations** For PHP versions 8.0.* through 8.0.28, update to version 8.0.29 or later. For PHP versions 8.1.* through 8.1.19, update to version 8.1.20 or later. For PHP versions 8.2.* through 8.2.6, update to version 8.2.7 or later. As a temporary workaround, consider disabling the SOAP HTTP Digest Authentication until a patch is available.

**Nome do software vulnerável e versões afetadas** Versões do PHP anteriores à 7.4.31 Versões do PHP anteriores à 8.0.24 Versões do PHP anteriores à 8.1.11 **Descrição** O problema está relacionado à validação incorreta de entradas no PHP, permitindo que invasores da rede e do mesmo site definam um cookie padrão não seguro no navegador da vítima, que é tratado como um cookie ` Host-` ou ` Secure-` pelas aplicações PHP. Isso permite que invasores remotos estabeleçam cookies não seguros. **Recomendações** Para versões do PHP anteriores à 7.4.31, atualize para a versão 7.4.31 ou posterior. Para versões do PHP anteriores à 8.0.24, atualize para a versão 8.0.24 ou posterior. Para versões do PHP anteriores à 8.1.11, atualize para a versão 8.1.11 ou posterior.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.3.12 PHP versions 5.4.x prior to 5.4.2 **Description** The issue arises from insufficient input validation in the sapi/cgi/cgi main.c component of the PHP interpreter. This allows remote attackers to execute arbitrary code by placing command-line options in the query string, specifically when the query string lacks an equals sign character. The vulnerability is related to the lack of skipping a certain php getopt for the 'd' case. **Recommendations** For PHP versions prior to 5.3.12, update to version 5.3.12 or later. For PHP versions 5.4.x prior to 5.4.2, update to version 5.4.2 or later. As a temporary workaround, consider restricting access to the CGI script to minimize the risk of exploitation.