PT-2022-7563 · Php+10 · Php+10

Cmb · Published 2022-07-19 · Updated 2025-11-24 · CVE-2022-31628

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

PHP versions prior to 7.4.31
PHP versions prior to 8.0.24
PHP versions prior to 8.1.11

Description

The issue is a loop with an unreachable exit condition, which allows an attacker to cause a denial of service. In PHP, the phar uncompressor code would recursively uncompress gzip "quine" files, resulting in an infinite loop.

Recommendations

For PHP versions prior to 7.4.31, update to version 7.4.31 or later.
For PHP versions prior to 8.0.24, update to version 8.0.24 or later.
For PHP versions prior to 8.1.11, update to version 8.1.11 or later.

Exploit

Fix

Uncontrolled Recursion

Infinite Loop

Weakness Enumeration

Related Identifiers

ALSA-2023:0848
ALSA-2023:0965
ALSA-2023:2417
ALSA-2023:2903
ALT-PU-2022-2698
ALT-PU-2022-2705
ALT-PU-2022-2715
ALT-PU-2022-2755
ALT-PU-2022-2767
ALT-PU-2022-2810
ALT-PU-2022-2827
ALT-PU-2022-3022
BDU:2024-07319
BIT-LIBPHP-2022-31628
BIT-PHP-2022-31628
BIT-PHP-MIN-2022-31628
CESA-2023_0848
CESA-2023_2903
CVE-2022-31628
DLA-3243-1
DSA-5277-1
MGASA-2022-0362
OESA-2023-1271
OESA-2023-1272
OESA-2023-1566
OPENSUSE-SU-2022_3661-1
OPENSUSE-SU-2022_3830-1
OPENSUSE-SU-2022_3997-1
OPENSUSE-SU-2022_4067-1
OPENSUSE-SU-2022_4069-1
OPENSUSE-SU-2024:12377-1
OPENSUSE-SU-2024:12384-1
RHSA-2023:0848
RHSA-2023:0965
RHSA-2023:2417
RHSA-2023:2903
RHSA-2023_0848
RHSA-2023_0965
RHSA-2023_2417
RHSA-2023_2903
RLSA-2023:0848
RLSA-2023:0965
SUSE-SU-2022:3661-1
SUSE-SU-2022:3830-1
SUSE-SU-2022:3957-1
SUSE-SU-2022:3997-1
SUSE-SU-2022:4067-1
SUSE-SU-2022:4068-1
SUSE-SU-2022:4069-1
USN-5717-1
USN-5905-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Php
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu