Lucene search
AlmaLinuxALSA-2022:5904HistoryAug 04, 2022 - 12:00 a.m.
Important: php security update
2022-08-0400:00:00
errata.almalinux.org
10
php
buffer overflow
rce
cve-2022-31626
apache http server
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.008 Low
EPSS
Percentile
81.6%
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
- php: password of excessive length triggers buffer overflow leading to RCE (CVE-2022-31626)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 9 | x86_64 | php-opcache | < 8.0.13-2.el9_0 | php-opcache-8.0.13-2.el9_0.x86_64.rpm |
| almalinux | 9 | x86_64 | php-mysqlnd | < 8.0.13-2.el9_0 | php-mysqlnd-8.0.13-2.el9_0.x86_64.rpm |
| almalinux | 9 | x86_64 | php-fpm | < 8.0.13-2.el9_0 | php-fpm-8.0.13-2.el9_0.x86_64.rpm |
| almalinux | 9 | x86_64 | php-pgsql | < 8.0.13-2.el9_0 | php-pgsql-8.0.13-2.el9_0.x86_64.rpm |
| almalinux | 9 | x86_64 | php-devel | < 8.0.13-2.el9_0 | php-devel-8.0.13-2.el9_0.x86_64.rpm |
| almalinux | 9 | x86_64 | php-dbg | < 8.0.13-2.el9_0 | php-dbg-8.0.13-2.el9_0.x86_64.rpm |
| almalinux | 9 | x86_64 | php-ldap | < 8.0.13-2.el9_0 | php-ldap-8.0.13-2.el9_0.x86_64.rpm |
| almalinux | 9 | x86_64 | php | < 8.0.13-2.el9_0 | php-8.0.13-2.el9_0.x86_64.rpm |
| almalinux | 9 | x86_64 | php-gd | < 8.0.13-2.el9_0 | php-gd-8.0.13-2.el9_0.x86_64.rpm |
| almalinux | 9 | x86_64 | php-bcmath | < 8.0.13-2.el9_0 | php-bcmath-8.0.13-2.el9_0.x86_64.rpm |
Related
nessus
nessus
RHEL 8 : php:8.0 (RHSA-2022:5468)
2022-06-30 00:00:00
Rocky Linux 8 : php:7.4 (RLSA-2022:5467)
2022-07-11 00:00:00
Oracle Linux 9 : php (ELSA-2022-5904)
2022-08-05 00:00:00
osv
osv
Important: php security update
2022-08-04 00:00:00
BIT-php-2022-31626
2024-03-06 11:04:13
CVE-2022-31626
2022-06-16 06:15:08
redhat
redhat
(RHSA-2022:5471) Important: php:7.4 security update
2022-06-30 21:30:51
(RHSA-2022:5904) Important: php security update
2022-08-04 09:53:47
(RHSA-2022:5467) Important: php:7.4 security update
2022-06-30 21:27:47
debiancve
debiancve
CVE-2022-31626
2022-06-16 06:15:08
oraclelinux
oraclelinux
php:8.0 security update
2022-07-04 00:00:00
php security update
2022-08-04 00:00:00
php:7.4 security update
2022-07-04 00:00:00
redhatcve
redhatcve
CVE-2022-31626
2022-06-20 05:01:27
nvd
nvd
CVE-2022-31626
2022-06-16 06:15:08
almalinux
almalinux
ALSA-2022:5468: php:8.0 security update (Important)
2022-06-30 00:00:00
githubexploit
githubexploit
Exploit for Classic Buffer Overflow in Php
2022-12-06 16:19:03
thn
thn
Resolving Availability vs. Security, a Constant Conflict in IT
2022-08-05 10:20:00
rocky
rocky
php security update
2022-08-04 09:53:47
php:7.4 security update
2022-06-30 21:27:47
php:8.0 security update
2022-06-30 21:27:49
prion
prion
Remote code execution
2022-06-16 06:15:00
alpinelinux
alpinelinux
CVE-2022-31626
2022-06-16 06:15:08
cve
cve
CVE-2022-31626
2022-06-16 06:15:08
cbl_mariner
cbl_mariner
CVE-2022-31626 affecting package php 7.4.14-3
2024-07-09 09:08:46
cvelist
cvelist
CVE-2022-31626 mysqlnd/pdo password buffer overflow
2022-06-06 00:00:00
veracode
veracode
Buffer Overflow
2022-06-13 02:07:10
ubuntucve
ubuntucve
CVE-2022-31626
2022-06-13 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:2161-1)
2022-06-24 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2183-1)
2022-06-27 00:00:00
mageia
mageia
Updated php packages fix security vulnerability
2022-06-19 00:30:41
f5
f5
K19150034 : PHP vulnerabilities CVE-2022-31625, CVE-2022-31626
2022-07-12 00:00:00
ubuntu
ubuntu
PHP regression
2022-07-07 00:00:00
PHP vulnerabilities
2022-06-15 00:00:00
PHP vulnerabilities
2022-07-04 00:00:00
suse
suse
Security update for php7 (important)
2022-06-24 00:00:00
Security update for php7 (important)
2022-07-05 00:00:00
Security update for php8 (important)
2022-07-06 00:00:00
slackware
slackware
[slackware-security] php
2022-06-13 21:14:24
fedora
fedora
[SECURITY] Fedora 35 Update: php-8.0.20-1.fc35
2022-06-17 01:19:38
[SECURITY] Fedora 36 Update: php-8.1.7-1.fc36
2022-06-17 01:14:59
altlinux
altlinux
Security fix for the ALT Linux 10 package php7 version 7.4.30-alt1
2022-06-22 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 8.1.7-alt1
2022-06-22 00:00:00
Security fix for the ALT Linux 10 package php8.2 version 8.1.7-alt1
2022-06-16 00:00:00
debian
debian
[SECURITY] [DSA 5179-1] php7.4 security update
2022-07-08 19:27:23
[SECURITY] [DLA 3243-1] php7.3 security update
2022-12-15 18:33:17
gentoo
gentoo
PHP: Multiple Vulnerabilities
2022-09-29 00:00:00
redos
redos
ROS-20220826-01
2022-08-26 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.008 Low
EPSS
Percentile
81.6%
Related for ALSA-2022:5904