HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2022-31627

CVSS 7.7v3.1pub. 2022-07-28upd. 2024-11-21

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
  • PHP

    APP
    Php
    8.1.0 – 8.1.8 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit

CVE-2012-1823CRITICAL9.8⚠ KEVten sam produkt

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi)...

CVE-2026-6722CRITICAL9.5PL ✓ten sam produkt

Use-after-free w rozszerzeniu SOAP PHP umożliwiające RCE

CVE-2024-11235CRITICAL9.2PL ✓ten sam produkt

PHP use-after-free przez __set lub ??= z wyjątkami — RCE

CVE-2022-31631CRITICAL9.1PL ✓ten sam produkt

PHP PDO SQLite — błędne cytowanie ciągów prowadzące do SQL injection