Innovate faster and cut risk with PHP experts from Zend Services.
See How Zend Helps Leading Hosting Providers Keep Their Managed Sites on Secure PHP
Learn PHP from PHP experts with free, on-demand, and instructor led courses.
Submit support requests and browse self-service resources.
CVE-2022-31628 php: phar wrapper can produce a denial of service when using quine gzip file
In PHP versions before 7.4.31, 8.0.24, and 8.1.11, the PHAR uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
If you use PHAR files to serve your website, the PHAR files utilize gzip compression, and you are on PHP versions prior to 7.4.31, 8.0.24, or 8.1.11, you should update to a patched version of PHP.
Direct link to CVE-2022-31628 >
< View all CVEs