CVE-2022-31628
phar wrapper can cause a DoS when using a quine gzip file

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
We have discovered 1,052,163 live websites that are affected by CVE-2022-31628.
Affected Software
| | |
|---|---|
| Product | PHP |
| Category | Programming Languages |
| Vulnerable Versions | from 7.4 before 7.4.31; from 8 before 8.0.24; from 8.1 before 8.1.11 |
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 1,052,163 live websites (8.70% of PHP install base) |
Common Weakness Enumeration
CWE-674 Uncontrolled Recursion