Bug 2133687 (CVE-2022-31629) - CVE-2022-31629 php: standard insecure cookie could be treated as a `__Host-` or `__Secure-` cookie by PHP applications
Summary: CVE-2022-31629 php: standard insecure cookie could be treated as a `__Host-` ...
Keywords:
Status: NEW
Alias: CVE-2022-31629
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2135291 2135293 2135294 2135295 2161666 2161667 2133691 2135296
Blocks: 2130767
TreeView+ depends on / blocked
 
Reported: 2022-10-11 07:52 UTC by TEJ RATHI
Modified: 2023-01-18 13:22 UTC (History)
4 users (show)

Fixed In Version: php 7.4.31, php 8.0.25
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in PHP due to the way PHP handles HTTP variable names. It interferes with HTTP variable names that clash with ones that have a specific semantic meaning. This vulnerability allows network and same-site attackers to set a standard insecure cookie in the victim's browser, which is treated as a `__Host-` or `__Secure-` cookie by PHP applications, posing a threat to data integrity.
Clone Of:
Environment:
Last Closed:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description TEJ RATHI 2022-10-11 07:52:03 UTC 
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.

https://bugs.php.net/bug.php?id=81727
Comment 1 TEJ RATHI 2022-10-11 07:55:31 UTC 
Created php tracking bugs for this issue:

Affects: fedora-all [bug 2133691]
Comment 3 TEJ RATHI 2022-10-17 08:52:17 UTC 
Upstream Commit:
https://github.com/php/php-src/commit/0611be4e82887cee0de6c4cbae320d34eec946ca
Note You need to log in before you can comment on or make changes to this bug.