ALT-PU-2022-7779-1

Package update php8.1-soap in branch sisyphus

Version8.1.8-alt1

Published2022-07-18

Max severityCRITICAL

Severity:

Closed issues (2)

CRITICAL9.8

Уязвимость реализации функции finfo_buffer() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код

Published: 2022-08-02Modified: 2022-08-29

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-31627

CRITICAL9.8

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.

Published: 2022-07-28Modified: 2024-11-21

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References