5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
PHP is a scripting language that executes server-side. a denial of service vulnerability exists in versions of PHP prior to 7.4.31, 8.0.0 and later, 8.0.24 and later, and 8.1.0 and later, and prior to 8.1.11. The vulnerability stems from the fact that the phar decompressor code recursively decompresses quines gzip files, leading to an infinite loop that can be exploited by attackers to The vulnerability can be exploited to launch a denial-of-service attack.
CPE | Name | Operator | Version |
---|---|---|---|
php php | lt | 7.4.31 | |
php php >=8.0.0, | lt | 8.0.24 | |
php php >=8.1.0, | lt | 8.1.11 |