Lucene search
Ubuntu Security Notice (C) 2022-2024 Canonical, Inc. / NASL script (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-5479-2.NASLHistoryJul 05, 2022 - 12:00 a.m.
Ubuntu 16.04 ESM : PHP vulnerabilities (USN-5479-2)
2022-07-0500:00:00
Ubuntu Security Notice (C) 2022-2024 Canonical, Inc. / NASL script (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
33
ubuntu 16.04 esm
php vulnerabilities
postgres
pdo_mysql
rce vulnerability
denial of service
buffer overflow
remote code execution
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.008
Percentile
81.6%
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5479-2 advisory.
USN-5479-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 ESM.
Original advisory details:
Charles Fol discovered that PHP incorrectly handled initializing certain
arrays when handling the pg_query_params function. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-31625)
Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2022-31626)
Tenable has extracted the preceding description block directly from the Ubuntu security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5479-2. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##
include('compat.inc');
if (description)
{
script_id(162718);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/28");
script_cve_id("CVE-2022-31625", "CVE-2022-31626");
script_xref(name:"USN", value:"5479-2");
script_name(english:"Ubuntu 16.04 ESM : PHP vulnerabilities (USN-5479-2)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in
the USN-5479-2 advisory.
USN-5479-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04
ESM.
Original advisory details:
Charles Fol discovered that PHP incorrectly handled initializing certain
arrays when handling the pg_query_params function. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-31625)
Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2022-31626)
Tenable has extracted the preceding description block directly from the Ubuntu security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5479-2");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-31625");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-31626");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/06/16");
script_set_attribute(attribute:"patch_publication_date", value:"2022/07/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/07/05");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:esm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libphp7.0-embed");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-bcmath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-bz2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-cli");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-dba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-enchant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-gmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-imap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-interbase");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-intl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-json");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-mbstring");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-mcrypt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-opcache");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-phpdbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-pspell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-readline");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-recode");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-soap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-sqlite3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-sybase");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-tidy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-xml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-xmlrpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-xsl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-zip");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2022-2024 Canonical, Inc. / NASL script (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "ubuntu_pro_sub_detect.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var ubuntu_pro_detected = get_kb_item('Host/Ubuntu/Pro/Services/esm-apps');
ubuntu_pro_detected = !empty_or_null(ubuntu_pro_detected);
var pro_caveat_needed = FALSE;
var pkgs = [
{'osver': '16.04', 'pkgname': 'libapache2-mod-php7.0', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'libphp7.0-embed', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-bcmath', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-bz2', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-cgi', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-cli', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-common', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-curl', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-dba', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-dev', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-enchant', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-fpm', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-gd', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-gmp', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-imap', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-interbase', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-intl', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-json', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-ldap', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-mbstring', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-mcrypt', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-mysql', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-odbc', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-opcache', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-pgsql', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-phpdbg', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-pspell', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-readline', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-recode', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-snmp', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-soap', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-sqlite3', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-sybase', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-tidy', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-xml', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-xmlrpc', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-xsl', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'php7.0-zip', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm4', 'ubuntu_pro': TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
var pro_required = NULL;
if (!empty_or_null(package_array['ubuntu_pro'])) pro_required = package_array['ubuntu_pro'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) {
flag++;
if (!ubuntu_pro_detected && !pro_caveat_needed) pro_caveat_needed = pro_required;
}
}
}
if (flag)
{
var extra = '';
if (pro_caveat_needed) {
extra += 'NOTE: This vulnerability check contains fixes that apply to packages only \n';
extra += 'available in Ubuntu ESM repositories. Access to these package security updates \n';
extra += 'require an Ubuntu Pro subscription.\n\n';
}
extra += ubuntu_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libapache2-mod-php7.0 / libphp7.0-embed / php7.0 / php7.0-bcmath / etc');
}
Related
slackware
slackware
[slackware-security] php
2022-06-13 21:14:24
nessus
nessus
EulerOS 2.0 SP8 : php (EulerOS-SA-2022-2229)
2022-08-17 00:00:00
Ubuntu 18.04 LTS : PHP regression (USN-5479-3)
2022-07-08 00:00:00
suse
suse
Security update for php7 (important)
2022-07-05 00:00:00
Security update for php7 (important)
2022-06-24 00:00:00
Security update for php8 (important)
2022-07-06 00:00:00
openvas
openvas
openSUSE: Security Advisory for php7 (SUSE-SU-2022:2185-1)
2022-06-25 00:00:00
Fedora: Security Advisory for php (FEDORA-2022-0a96e5b9b1)
2022-06-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2185-1)
2022-06-27 00:00:00
osv
osv
php7.4 - security update
2022-07-08 00:00:00
php7.2 regression
2022-07-07 21:53:43
php7.2, php7.4, php8.0, php8.1 vulnerabilities
2022-06-15 11:25:17
fedora
fedora
[SECURITY] Fedora 35 Update: php-8.0.20-1.fc35
2022-06-17 01:19:38
[SECURITY] Fedora 36 Update: php-8.1.7-1.fc36
2022-06-17 01:14:59
debian
debian
[SECURITY] [DSA 5179-1] php7.4 security update
2022-07-08 19:27:23
[SECURITY] [DLA 3243-1] php7.3 security update
2022-12-15 18:33:17
altlinux
altlinux
Security fix for the ALT Linux 10 package php8.1 version 8.1.7-alt1
2022-06-22 00:00:00
Security fix for the ALT Linux 10 package php7 version 7.4.30-alt1
2022-06-22 00:00:00
Security fix for the ALT Linux 10 package php8.0 version 8.0.20-alt1
2022-06-21 00:00:00
mageia
mageia
Updated php packages fix security vulnerability
2022-06-19 00:30:41
ubuntu
ubuntu
PHP regression
2022-07-07 00:00:00
PHP vulnerabilities
2022-07-04 00:00:00
PHP vulnerabilities
2022-06-15 00:00:00
f5
f5
K19150034 : PHP vulnerabilities CVE-2022-31625, CVE-2022-31626
2022-07-12 00:00:00
redhat
redhat
(RHSA-2022:5491) Important: rh-php73-php security and bug fix update
2022-07-04 07:07:16
(RHSA-2022:6158) Moderate: php:7.4 security update
2022-08-24 15:03:01
(RHSA-2022:5468) Important: php:8.0 security update
2022-06-30 21:27:49
almalinux
almalinux
Moderate: php:7.4 security update
2022-08-24 00:00:00
ALSA-2022:5468: php:8.0 security update (Important)
2022-06-30 00:00:00
Important: php security update
2022-08-04 00:00:00
alpinelinux
alpinelinux
CVE-2022-31625
2022-06-16 06:15:08
CVE-2022-31626
2022-06-16 06:15:08
rocky
rocky
php:7.4 security update
2022-08-24 15:03:01
php security update
2022-08-04 09:53:47
php:8.0 security update
2022-06-30 21:27:49
cvelist
cvelist
CVE-2022-31625 Freeing unallocated memory in php_pgsql_free_params()
2022-06-16 05:45:15
CVE-2022-31626 mysqlnd/pdo password buffer overflow
2022-06-16 05:45:16
oraclelinux
oraclelinux
php:8.0 security update
2022-07-04 00:00:00
php:7.4 security update
2022-07-04 00:00:00
php security update
2022-08-04 00:00:00
debiancve
debiancve
CVE-2022-31626
2022-06-16 06:15:08
CVE-2022-31625
2022-06-16 06:15:08
prion
prion
Remote code execution
2022-06-16 06:15:00
Denial of service
2022-06-16 06:15:00
cve
cve
CVE-2022-31626
2022-06-16 06:15:08
CVE-2022-31625
2022-06-16 06:15:08
cbl_mariner
cbl_mariner
CVE-2022-31626 affecting package php 7.4.14-3
2024-09-18 21:14:20
CVE-2022-31625 affecting package php 7.4.14-3
2024-09-18 21:14:20
nvd
nvd
CVE-2022-31625
2022-06-16 06:15:08
CVE-2022-31626
2022-06-16 06:15:08
redhatcve
redhatcve
CVE-2022-31626
2022-06-20 05:01:27
CVE-2022-31625
2022-06-20 05:01:17
thn
thn
Resolving Availability vs. Security, a Constant Conflict in IT
2022-08-05 10:20:00
githubexploit
githubexploit
Exploit for Classic Buffer Overflow in Php
2022-12-06 16:19:03
ubuntucve
ubuntucve
CVE-2022-31626
2022-06-13 00:00:00
CVE-2022-31625
2022-06-13 00:00:00
veracode
veracode
Buffer Overflow
2022-06-13 02:07:10
Remote Code Execution (RCE)
2022-06-13 01:57:35
cloudlinux
cloudlinux
Fixed CVE-2022-31625 in php
2022-07-18 19:05:49
gentoo
gentoo
PHP: Multiple Vulnerabilities
2022-09-29 00:00:00
redos
redos
ROS-20220826-01
2022-08-26 00:00:00
amazon
amazon
Important: php
2023-11-29 22:20:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.008
Percentile
81.6%
Related for UBUNTU_USN-5479-2.NASL