CVE-2022-31628 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	2.3 LOW	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
php	CNA	2.3 LOW	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 11%

Affected Products (NVD)

Vendor	Product	Version
php	php	𝑥 < 7.4.31
php	php	8.0.0 ≤ 𝑥 < 8.0.24
php	php	8.1.0 ≤ 𝑥 < 8.1.11
debian	debian_linux	10.0
debian	debian_linux	11.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

php7.4

bullseye	7.4.33-1+deb11u5 fixed
bullseye (security)	7.4.33-1+deb11u6 fixed

Ubuntu Releases

Ubuntu Product

Codename

php5

bionic	dne
focal	dne
jammy	dne
trusty	needed
xenial	dne

php7.0

bionic	dne
focal	dne
jammy	dne
trusty	dne
xenial	Fixed 7.0.33-0ubuntu0.16.04.16+esm5 released

php7.2

bionic	Fixed 7.2.24-0ubuntu0.18.04.15 released
focal	dne
jammy	dne
trusty	dne
xenial	dne

php7.4

bionic	dne
focal	Fixed 7.4.3-4ubuntu2.15 released
jammy	dne
trusty	dne
xenial	dne

php8.1

bionic	dne
focal	dne
jammy	Fixed 8.1.2-1ubuntu2.8 released
kinetic	Fixed 8.1.7-1ubuntu3.1 released
lunar	Fixed 8.1.12-1ubuntu2 released
mantic	dne
noble	dne
trusty	dne
xenial	dne

Common Weakness Enumeration

CWE-674 - Uncontrolled Recursion
The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References

https://bugs.php.net/bug.php?id=81726

https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/

https://security.gentoo.org/glsa/202211-03

https://security.netapp.com/advisory/ntap-20221209-0001/

https://www.debian.org/security/2022/dsa-5277

https://bugs.php.net/bug.php?id=81726

https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/

https://security.gentoo.org/glsa/202211-03

https://security.netapp.com/advisory/ntap-20221209-0001/

https://www.debian.org/security/2022/dsa-5277