Heap buffer overflow in finfo_buffer
CVE-2022-31627

7.7HIGH

Key Information:

Vendor: PHP Group
Status: PHP
Vendor: CVE Published:; 28 July 2022

What is CVE-2022-31627?

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.

Affected Version(s)

PHP 8.1.X < 8.1.8

References

https://bugs.php.net/bug.php?id=81723

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20220826-0008/

x_refsource_CONFIRM

https://security.gentoo.org/glsa/202209-20

vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 28, 2022
Vulnerability Reserved
May 25, 2022

Credit

reported by xd4rker at gmail dot com

PHP Group

What is CVE-2022-31627?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit