CVE-2022-31627
Heap buffer overflow in finfo_buffer
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.
We have discovered 63,448 live websites that are affected by CVE-2022-31627.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 63,448 live websites (0.52% of PHP install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-31627 and the relative popularity of websitesDetails
- Published - Jul 5, 2022
- Updated - Sep 29, 2022
Credits
- reported by xd4rker at gmail dot com
CWE
CVE References
CWE References
Countries
 United States | 16,479 websites |
 France | 25,768 websites |
 Germany | 2,507 websites |
 Sweden | 2,350 websites |
 Russia | 2,128 websites |
 Belgium | 1,283 websites |
 Poland | 1,279 websites |
 Italy | 1,243 websites |
 GB | 1,239 websites |
 Spain | 1,173 websites |
TLDs
| .com | 26,978 websites |
| .fr | 11,680 websites |
| .org | 3,646 websites |
| .se | 1,981 websites |
| .ru | 1,841 websites |
| .net | 1,745 websites |
| .de | 1,672 websites |
| .be | 1,441 websites |
| .pl | 980 websites |
| .it | 950 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2022-31627 through included software libraries and plugins.References
- https://bugs.php.net/bug.php?id=81723
- https://security.netapp.com/advisory/ntap-20220826-0008/
- https://security.gentoo.org/glsa/202209-20
Websites affected by CVE-2022-31627
Top websites that are affected by CVE-2022-31627. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***************.com |  Singapore | *,*** | |
| *********.ru | Russia | **,*** | |
| ***.********.com | United States | **,*** | |
| *****.********.com | United States | **,*** | |
| *******.com | United States | **,*** | |
| ***.*******.info |  Austria | **,*** | |
| ****.com | Belgium | **,*** | |
| ***.org | United States | **,*** | |
| *****.org | Russia | **,*** | |
| *****.gov | United States | **,*** |