CVE-2022-31628
Phar wrapper can cause DoS when using a quine gzip file
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quine" gzip files, resulting in an infinite loop.
We have discovered 1,052,163 live websites that are affected by CVE-2022-31628.
Affected Software
| | |
|---|---|
| Product | PHP |
| Category | Programming Languages |
| Vulnerable Versions | from 7.4 before 7.4.31; from 8 before 8.0.24; from 8.1 before 8.1.11 |
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 1,052,163 live websites (8.70% of PHP install base) |
Common Weakness Enumeration
CWE-674 Uncontrolled Recursion
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-31628 and the relative popularity of websites.