Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2022-31628 CVE-2022-31629

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. (CVE-2022-31628) In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a or cookie by PHP applications. (CVE-2022-31629)

Source

ALASPHP8.0-2023-005

Amazon Linux 2 Security Advisory: ALASPHP8.0-2023-005
Advisory Release Date: 2023-08-21 21:00 Pacific
Advisory Updated Date: 2023-09-13 19:32 Pacific

Severity: Medium

References: CVE-2022-31628 CVE-2022-31629
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. (CVE-2022-31628)

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a or cookie by PHP applications. (CVE-2022-31629)

Affected Packages:

php

Issue Correction:
Run yum update php to update your system.

New Packages:

aarch64:
    php-8.0.24-1.amzn2.aarch64
    php-cli-8.0.24-1.amzn2.aarch64
    php-dbg-8.0.24-1.amzn2.aarch64
    php-fpm-8.0.24-1.amzn2.aarch64
    php-common-8.0.24-1.amzn2.aarch64
    php-devel-8.0.24-1.amzn2.aarch64
    php-opcache-8.0.24-1.amzn2.aarch64
    php-ldap-8.0.24-1.amzn2.aarch64
    php-pdo-8.0.24-1.amzn2.aarch64
    php-mysqlnd-8.0.24-1.amzn2.aarch64
    php-pgsql-8.0.24-1.amzn2.aarch64
    php-process-8.0.24-1.amzn2.aarch64
    php-odbc-8.0.24-1.amzn2.aarch64
    php-soap-8.0.24-1.amzn2.aarch64
    php-snmp-8.0.24-1.amzn2.aarch64
    php-xml-8.0.24-1.amzn2.aarch64
    php-mbstring-8.0.24-1.amzn2.aarch64
    php-gd-8.0.24-1.amzn2.aarch64
    php-bcmath-8.0.24-1.amzn2.aarch64
    php-gmp-8.0.24-1.amzn2.aarch64
    php-dba-8.0.24-1.amzn2.aarch64
    php-embedded-8.0.24-1.amzn2.aarch64
    php-pspell-8.0.24-1.amzn2.aarch64
    php-intl-8.0.24-1.amzn2.aarch64
    php-enchant-8.0.24-1.amzn2.aarch64
    php-sodium-8.0.24-1.amzn2.aarch64
    php-debuginfo-8.0.24-1.amzn2.aarch64

src:
    php-8.0.24-1.amzn2.src

x86_64:
    php-8.0.24-1.amzn2.x86_64
    php-cli-8.0.24-1.amzn2.x86_64
    php-dbg-8.0.24-1.amzn2.x86_64
    php-fpm-8.0.24-1.amzn2.x86_64
    php-common-8.0.24-1.amzn2.x86_64
    php-devel-8.0.24-1.amzn2.x86_64
    php-opcache-8.0.24-1.amzn2.x86_64
    php-ldap-8.0.24-1.amzn2.x86_64
    php-pdo-8.0.24-1.amzn2.x86_64
    php-mysqlnd-8.0.24-1.amzn2.x86_64
    php-pgsql-8.0.24-1.amzn2.x86_64
    php-process-8.0.24-1.amzn2.x86_64
    php-odbc-8.0.24-1.amzn2.x86_64
    php-soap-8.0.24-1.amzn2.x86_64
    php-snmp-8.0.24-1.amzn2.x86_64
    php-xml-8.0.24-1.amzn2.x86_64
    php-mbstring-8.0.24-1.amzn2.x86_64
    php-gd-8.0.24-1.amzn2.x86_64
    php-bcmath-8.0.24-1.amzn2.x86_64
    php-gmp-8.0.24-1.amzn2.x86_64
    php-dba-8.0.24-1.amzn2.x86_64
    php-embedded-8.0.24-1.amzn2.x86_64
    php-pspell-8.0.24-1.amzn2.x86_64
    php-intl-8.0.24-1.amzn2.x86_64
    php-enchant-8.0.24-1.amzn2.x86_64
    php-sodium-8.0.24-1.amzn2.x86_64
    php-debuginfo-8.0.24-1.amzn2.x86_64

Additional References

Red Hat: CVE-2022-31628, CVE-2022-31629

Mitre: CVE-2022-31628, CVE-2022-31629

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALASPHP8.0-2023-005

ALASPHP8.0-2023-005

Additional References

Vulmon Search

About

Products

Connect