In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
Fixes

Solution

Upgrade to PHP 7.4.31, 8.0.24, or 8.1.11.


Workaround

No workaround given by the vendor.

History

Tue, 20 May 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: php

Published:

Updated: 2025-05-20T20:24:57.733Z

Reserved: 2022-05-25T00:00:00.000Z

Link: CVE-2022-31628

cve-icon Vulnrichment

Updated: 2024-08-03T07:25:59.512Z

cve-icon NVD

Status : Modified

Published: 2022-09-28T23:15:09.497

Modified: 2024-11-21T07:04:53.293

Link: CVE-2022-31628

cve-icon Redhat

Severity : Low

Publid Date: 2022-09-29T00:00:00Z

Links: CVE-2022-31628 - Bugzilla

cve-icon OpenCVE Enrichment

No data.