CVE-2022-4900
published 2023-11-02
CVE-2022-4900: A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
medium 5.5 CVSS 3.1
AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | php7.4 | < php7.4 7.4.33-1+deb11u6 (bullseye) | php7.4 7.4.33-1+deb11u6 (bullseye) |
| debian | php8.2 | < php7.4 7.4.33-1+deb11u6 (bullseye) | php7.4 7.4.33-1+deb11u6 (bullseye) |
| github.com | sylabs_sif_v2 | >= 0 < 2.8.1 | 2.8.1 |
| php | php | < 8.0.22 | 8.0.22 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd v3.1 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
ghsa 5.0 MEDIUM
osv 5.5 MEDIUM