Page 5 of 30 results (0.029 seconds)

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1

CVE-2022-31630 – OOB read due to insufficient input validation in imageloadfont()

https://notcve.org/view.php?id=CVE-2022-31630

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. En versiones de PHP anteriores a 7.4.33, 8.0.25 y 8.2.12, cuando se usa la función imageloadfont() en la extensión gd, es posible proporcionar un archivo de fuente especialmente manipulado, como si la fuente cargada se usa con imagechar() función, se utilizará la lectura fuera del búfer asignado. Esto puede provocar fallos o divulgación de información confidencial. An out-of-bounds read flaw was found in PHP due to insufficient input validation in the imageloadfont() function. • https://bugs.php.net/bug.php?id=81739 https://access.redhat.com/security/cve/CVE-2022-31630 https://bugzilla.redhat.com/show_bug.cgi?id=2139280 • CWE-125: Out-of-bounds Read CWE-131: Incorrect Calculation of Buffer Size CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 3%CPEs: 15EXPL: 1

CVE-2022-37454 – XKCP: buffer overflow in the SHA-3 reference implementation

https://notcve.org/view.php?id=CVE-2022-37454

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. La implementación de referencia de Keccak XKCP SHA-3 versiones anteriores a fdc6fef, presenta un desbordamiento de enteros y un desbordamiento de búfer resultante que permite a atacantes ejecutar código arbitrario o eliminar las propiedades criptográficas esperadas. Esto ocurre en la interfaz de la función sponge A flaw was found in the Keccak XKCP SHA-3 reference implementation. The sponge function interface allows partial input data to be processed, and partial output to be produced. • https://csrc.nist.gov/projects/hash-functions/sha-3-project https://eprint.iacr.org/2023/331 https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658 https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org&# • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 2

CVE-2022-31629 – $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities

https://notcve.org/view.php?id=CVE-2022-31629

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. En PHP versiones anteriores a 7.4.31, 8.0.24 y 8.1.11, la vulnerabilidad permite a atacantes de la red y del mismo sitio establecer una cookie no segura estándar en el navegador de la víctima que es tratada como una cookie "__Host-" o "__Secure-" por las aplicaciones PHP A vulnerability was found in PHP due to the way PHP handles HTTP variable names. It interferes with HTTP variable names that clash with ones that have a specific semantic meaning. This vulnerability allows network and same-site attackers to set a standard insecure cookie in the victim's browser, which is treated as a `__Host-` or `__Secure-` cookie by PHP applications, posing a threat to data integrity. • https://github.com/silnex/CVE-2022-31629-poc http://www.openwall.com/lists/oss-security/2024/04/12/11 https://bugs.php.net/bug.php?id=81727 https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZK3X6B7FBE32FETDSMRLJXTFTHKWSY https://lists.fedoraproject.org/archives/list/package- • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2022-31628 – phar wrapper can occur dos when using quine gzip file

https://notcve.org/view.php?id=CVE-2022-31628

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. En PHP versiones anteriores a 7.4.31, 8.0.24 y 8.1.11, el código del descompresor phar descomprimía recursivamente archivos gzip "quines", resultando en un bucle infinito A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of service condition. • https://bugs.php.net/bug.php?id=81726 https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV https://security.gentoo.org/glsa/202211-03 https:/ • CWE-674: Uncontrolled Recursion CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-31627 – Heap buffer overflow in finfo_buffer

https://notcve.org/view.php?id=CVE-2022-31627

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption. En PHP versiones 8.1.x anteriores a 8.1.8, cuando las funciones fileinfo, como finfo_buffer, debido a un parche incorrecto aplicado al código de terceros de libmagic, puede usarse una función incorrecta para liberar la memoria asignada, lo que puede conllevar a una corrupción de la pila • https://bugs.php.net/bug.php?id=81723 https://security.gentoo.org/glsa/202209-20 https://security.netapp.com/advisory/ntap-20220826-0008 • CWE-590: Free of Memory not on the Heap CWE-787: Out-of-bounds Write •