CVE-2022-31628
phar wrapper can occur dos when using quine gzip file
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
We have discovered 1,052,163 live websites that are affected by CVE-2022-31628.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 1,052,163 live websites (8.70% of PHP install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-31628 and the relative popularity of websitesDetails
- Published - Sep 27, 2022
- Updated - Dec 15, 2022
Credits
- reported by ohseungju5 at gmail dot com
CWE
CVE References
CWE References
Countries
 United States | 371,796 websites |
 France | 222,333 websites |
 Russia | 47,434 websites |
 Japan | 44,801 websites |
 Germany | 35,101 websites |
 GB | 24,216 websites |
 Netherlands | 24,045 websites |
 Canada | 22,330 websites |
 Italy | 20,042 websites |
 Spain | 19,789 websites |
TLDs
| .com | 503,884 websites |
| .fr | 99,168 websites |
| .org | 59,605 websites |
| .ru | 39,008 websites |
| .net | 33,225 websites |
| .de | 21,442 websites |
| .nl | 18,726 websites |
| .it | 15,331 websites |
| .com.br | 14,838 websites |
| .pl | 14,353 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2022-31628 through included software libraries and plugins.References
- https://bugs.php.net/bug.php?id=81726
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/
- https://www.debian.org/security/2022/dsa-5277
- https://security.gentoo.org/glsa/202211-03
- https://security.netapp.com/advisory/ntap-20221209-0001/
- https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html
Websites affected by CVE-2022-31628
Top websites that are affected by CVE-2022-31628. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.*****.pl |  Poland | *,*** | |
| ***.*****.pm |  Saint Pierreand Miquelon | *,*** | |
| *******.com | Germany | *,*** | |
| ****.org | GB | *,*** | |
| ***************.org | United States | *,*** | |
| **********.org | United States | *,*** | |
| ******.org | United States | *,*** | |
| ***.**********.org | United States | *,*** | |
| ******.com | France | *,*** | |
| **********.com | France | *,*** |