CVE-2022-31627
published 2022-07-28CVE-2022-31627: In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic…
PriorityP346critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.65%
73.6th percentile
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | php7.4 | — | — |
| msrc | azl3_php_8.1.22-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_php_8.3.8-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| php | php | >= 8.1.0 < 8.1.8 | 8.1.8 |
| php_group | php | >= 8.1.X < 8.1.8 | 8.1.8 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL
vendor_msrc9.8CRITICAL
vendor_debian7.7LOW
vendor_redhat7.7HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
PHP vulnerability
vendor_ubuntu·2022-07-25
CVE-2022-31627 PHP vulnerability
Title: PHP vulnerability
Summary: PHP could be made to crash or run programs if it processed specially
crafted data.
It was discovered that PHP incorrectly handled certain memory operations
when obtaining file information. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Microsoft
Heap buffer overflow in finfo_buffer
vendor_msrc·2022-07-12·CVSS 9.8
CVE-2022-31627 [HIGH] CWE-787 Heap buffer overflow in finfo_buffer
Heap buffer overflow in finfo_buffer
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
php: php
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/az
Red Hat
php: heap buffer overflow in finfo_buffer
vendor_redhat·2022-07-08·CVSS 7.7
CVE-2022-31627 [HIGH] CWE-119 php: heap buffer overflow in finfo_buffer
php: heap buffer overflow in finfo_buffer
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.
A vulnerability was found in php. This issue occurs due to memory corruption in the finfo_buffer() function and a bad patch of the libmagic library. This flaw allows an attacker or malicious actor to execute a heap buffer overflow successfully, causing a memory crash.
Package: php (Red Hat Enterprise Linux 6) - Not affected
Package: php (Red Hat Enterprise Linux 7) - Not affected
Package: php:7.4/php (Red Hat Enterprise Linux 8) - Not affected
Package: php:8.0/php (Red Hat Enterprise Linux 8) - Not affe
Debian
CVE-2022-31627: php7.4 - In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer...
vendor_debian·2022·CVSS 7.7
CVE-2022-31627 [HIGH] CVE-2022-31627: php7.4 - In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer...
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.
Scope: local
bullseye: resolved
GHSA
GHSA-2c24-m9rj-gq8m: In PHP versions 8
ghsa_unreviewed·2022-07-29
CVE-2022-31627 [CRITICAL] CWE-787 GHSA-2c24-m9rj-gq8m: In PHP versions 8
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.
OSV
CVE-2022-31627: In PHP versions 8
osv·2022-07-15·CVSS 9.8
CVE-2022-31627 [CRITICAL] CVE-2022-31627: In PHP versions 8
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-07-28
Published