PHP 8.0.x < 8.0.25 Multiple Vulnerabilities - Keccak XKCP SHA-3 and imageloadfont() issue
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
ALT Linux | Security fix for the ALT Linux 10 package php8.2 version 8.1.12-alt1 | 31 Oct 2022 00:00 | – | altlinux |
ALT Linux | Security fix for the ALT Linux 10 package php8.0 version 8.0.25-alt1 | 2 Nov 2022 00:00 | – | altlinux |
ALT Linux | Security fix for the ALT Linux 10 package php8.1 version 8.1.12-alt1 | 3 Nov 2022 00:00 | – | altlinux |
ALT Linux | Security fix for the ALT Linux 10 package python3 version 3.9.16-alt1 | 27 Mar 2023 00:00 | – | altlinux |
Tenable Nessus | PHP 8.1.x < 8.1.12 Multiple Vulnerabilities | 29 Oct 2022 00:00 | – | nessus |
Tenable Nessus | PHP 8.2.x < 8.2.0 Multiple Vulnerabilities | 8 Dec 2022 00:00 | – | nessus |
Tenable Nessus | PHP 7.4.x < 7.4.33 Multiple Vulnerabilities | 7 Nov 2022 00:00 | – | nessus |
Tenable Nessus | PHP 7.4.x < 7.4.33 Multiple Vulnerabilities | 3 Nov 2022 00:00 | – | nessus |
Tenable Nessus | Slackware Linux 15.0 / current php80 Multiple Vulnerabilities (SSA:2022-304-02) | 1 Nov 2022 00:00 | – | nessus |
Tenable Nessus | Slackware Linux 15.0 / current php Multiple Vulnerabilities (SSA:2022-314-01) | 11 Nov 2022 00:00 | – | nessus |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
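# Metadata registration. When the scanner loads the plugin with `description`
# set, this branch only declares identity, references, scoring and run
# conditions, then exits; the version check itself is the code after the block.
if (description)
{
  script_id(166677);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/04");

  # Two distinct flaws are reported under this single finding.
  script_cve_id("CVE-2022-31630", "CVE-2022-37454");
  script_xref(name:"IAVA", value:"2022-A-0455-S");
  script_xref(name:"IAVA", value:"2022-A-0515-S");

  script_name(english:"PHP 8.0.x < 8.0.25 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The version of PHP running on the remote web server is affected by multiple vulnerabilities.");

  # The description states that the result is inferred from the self-reported
  # version only. Per the text below, CVE-2022-31630 needs the gd extension and
  # a crafted font file passed to imageloadfont(), so whether the application
  # loads fonts from untrusted sources is the triage question for that CVE.
  # NOTE(review): "8.2.12" in the second bullet is kept as given in the advisory
  # text; it looks like a typo for 8.1.12 - confirm against the PHP ChangeLog.
  script_set_attribute(attribute:"description", value:
"The version of PHP installed on the remote host is prior to 8.0.25. It is, therefore, affected by multiple
vulnerabilities as referenced in the Version 8.0.25 advisory.
- The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer
overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.
This occurs in the sponge function interface. (CVE-2022-37454)
- In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension,
it is possible to supply a specially crafted font file, such as if the loaded font is used with
imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or
disclosure of confidential information. (CVE-2022-31630)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");

  script_set_attribute(attribute:"see_also", value:"http://bugs.php.net/81738");
  script_set_attribute(attribute:"see_also", value:"http://bugs.php.net/81739");
  script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-8.php#8.0.25");

  script_set_attribute(attribute:"solution", value:
"Upgrade to PHP version 8.0.25 or later.");

  # Scoring is taken from CVE-2022-37454 alone (see cvss_score_source), so the
  # vectors describe the SHA-3 overflow; the description gives crashes or
  # information disclosure as the impact of CVE-2022-31630.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-37454");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/10/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/28");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");

  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Run conditions: the plugin depends on php_version.nasl and on the PHP
  # knowledge-base keys below (presumably populated by that detection script),
  # and is excluded when CGI scanning is disabled in the scan settings.
  script_dependencies("php_version.nasl");
  script_require_keys("www/PHP", "installed_sw/PHP");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  # Leave before the check logic; this pass only registers metadata.
  exit(0);
}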
include('vcf.inc');
include('http.inc');
# Version-only check: nothing below exercises either flaw. The verdict rests on
# the PHP version already recorded for the selected web port.
var http_port = get_http_port(default:80, php:TRUE);
var php_install = vcf::get_app_info(app:'PHP', port:http_port, webapp:TRUE);

# A per-port, per-version "backported" knowledge-base flag (presumably set by the
# detection plugin when the build may carry vendor-backported fixes) causes the
# install to be audited out rather than reported, unless the scan runs with
# report_paranoia of 2 or higher.
var backport_key = 'www/php/' + http_port + '/' + php_install.version + '/backported';
var is_backported = get_kb_item(backport_key);
if (is_backported && (report_paranoia < 2))
{
  audit(AUDIT_BACKPORT_SERVICE, http_port, 'PHP ' + php_install.version + ' install');
}

# Affected range: from 8.0.0alpha1 up to, but not including, the fixed 8.0.25.
var affected_ranges = [
  { 'min_version' : '8.0.0alpha1', 'fixed_version' : '8.0.25' }
];

vcf::check_version_and_report(app_info:php_install, constraints:affected_ranges, severity:SECURITY_HOLE);