PT-2022-3933 · Php+4 · Php+4

Xd4Rker

Published

2022-06-27

Updated

2025-08-11

CVE-2022-31627

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions PHP versions 8.1.x below 8.1.8

Description The issue is related to the implementation of the finfo buffer function in PHP, which can lead to heap corruption due to the incorrect use of a function to free allocated memory. This is caused by an incorrect patch applied to the third-party code from libmagic. The exploitation of this issue may allow a remote attacker to execute arbitrary code.

Recommendations For PHP versions 8.1.x below 8.1.8, update to version 8.1.8 or later to resolve the issue. As a temporary workaround, consider disabling the use of finfo buffer and other fileinfo functions until a patch is applied. Restrict access to sensitive areas of the application to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-590CWE-122CWE-119

Related Identifiers

ALT-PU-2022-2271

ALT-PU-2022-2303

BDU:2022-04762

BIT-LIBPHP-2022-31627

BIT-PHP-2022-31627

BIT-PHP-MIN-2022-31627

CVE-2022-31627

OPENSUSE-SU-2024:12218-1

USN-5530-1

Affected Products

Alt Linux

Linuxmint

Php

Red Os

Ubuntu

PT-2022-3933 · Php+4 · Php+4

CVE-2022-31627

Weakness Enumeration

Related Identifiers

Affected Products

References · 30