Bug 2133688 (CVE-2022-31628) - CVE-2022-31628 php: phar: infinite loop when decompressing quine gzip file
Summary: CVE-2022-31628 php: phar: infinite loop when decompressing quine gzip file
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-31628
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2133690 2135291 2135293 2135294 2135295 2135296 2161666 2161667
Blocks: 2130767
TreeView+ depends on / blocked
 
Reported: 2022-10-11 07:52 UTC by TEJ RATHI
Modified: 2023-05-17 01:44 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of service condition.
Clone Of:
Environment:
Last Closed: 2023-05-17 01:44:09 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:0848 0 None None None 2023-02-21 09:31:10 UTC
Red Hat Product Errata RHSA-2023:0965 0 None None None 2023-02-28 08:20:38 UTC
Red Hat Product Errata RHSA-2023:2417 0 None None None 2023-05-09 07:45:33 UTC
Red Hat Product Errata RHSA-2023:2903 0 None None None 2023-05-16 08:26:27 UTC

Description TEJ RATHI 2022-10-11 07:52:07 UTC 
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

https://bugs.php.net/bug.php?id=81726
Comment 1 TEJ RATHI 2022-10-11 07:54:43 UTC 
Created php tracking bugs for this issue:

Affects: fedora-all [bug 2133690]
Comment 3 TEJ RATHI 2022-10-17 08:57:11 UTC 
Upstream Commits:
https://github.com/php/php-src/commit/404e8bdb68350931176a5bdc86fc417b34fb583d
https://github.com/php/php-src/commit/432bf196d59bcb661fcf9cb7029cea9b43f490af
Comment 4 errata-xmlrpc 2023-02-21 09:31:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0848 https://access.redhat.com/errata/RHSA-2023:0848
Comment 5 errata-xmlrpc 2023-02-28 08:20:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0965 https://access.redhat.com/errata/RHSA-2023:0965
Comment 6 mhoward 2023-04-29 02:40:59 UTC 
Will this be fixed in the PHP 7.4 Full Life Application Stream for RHEL8?
Comment 7 errata-xmlrpc 2023-05-09 07:45:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2417 https://access.redhat.com/errata/RHSA-2023:2417
Comment 8 errata-xmlrpc 2023-05-16 08:26:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:2903 https://access.redhat.com/errata/RHSA-2023:2903
Comment 9 Product Security DevOps Team 2023-05-17 01:44:07 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-31628
Note You need to log in before you can comment on or make changes to this bug.