40 matches found
Astra Linux – Vulnerability in PHP 7.3
In PHP versions prior to 7.4.31, 8.0.24, and 8.1.11, the phar uncompressor code would recursively uncompress “quines” gzip files, resulting in an infinite loop...
Linux Distros Unpatched Vulnerability : CVE-2022-31628
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop...
BIT-PHP-MIN-2022-31628 phar wrapper can occur dos when using quine gzip file
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...
BIT-PHP-2022-31628 phar wrapper can occur dos when using quine gzip file
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...
Medium: php
Issue Overview: In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. CVE-2022-31628 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to...
Medium: php
Issue Overview: In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. CVE-2022-31628 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to...
OESA-2023-1566 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
The vulnerability of the PlainTextUncompressor::UncompressItem function in the XML data compression tool Xmill allows a attacker to execute arbitrary code.
The vulnerability of the PlainTextUncompressor::UncompressItem function in the XML data compression tool Xmill is related to a memory boundary error during XML file processing. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Oracle Linux 8 : php:7.4 (ELSA-2023-2903)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2903 advisory. - CVE-2015-2331: integer overflow when processing ZIP archives 1204676,1204677 - fixes for CVE-2012-1162 and CVE-2012-1163 - fix: due to an integer...
Vulnerability of the Decompression Enumeration function in Uncompressor::UncompressItem. This compression tool for XML data allows attackers to execute arbitrary code.
Vulnerability of Decompression Enumeration function: Uncompressor::UncompressItem, an XML data compression tool, is vulnerable to a memory boundary error during XML file processing. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
php: phar: infinite loop when decompressing quine gzip file
A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of servi...
OESA-2023-1271 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
OESA-2023-1272 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
php: phar: infinite loop when decompressing quine gzip file
A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of servi...
RHEL 9 : php (RHSA-2023:0965)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0965 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...
Oracle Linux 9 : php (ELSA-2023-0965)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0965 advisory. 8.0.27-1 - rebase to 8.0.27 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus ha...
Rocky Linux 8 : php:8.0 (RLSA-2023:0848)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0848 advisory. - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute...
Oracle Linux 8 : php:8.0 (ELSA-2023-0848)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0848 advisory. php 8.0.27-1 - rebase to 8.0.27 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...
php: phar: infinite loop when decompressing quine gzip file
A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of servi...
SUSE CVE-2022-31628
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...