{ "document": { "aggregate_severity": { "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2021-21702: fix NULL pointer dereference in SoapClient\n- CVE-2021-21703: fix OOB R/W in root process leading to privilege escalation\n- CVE-2022-31625: don't free uninitialized parameters in pg_query_params/pg_send_execute that have led to RCE\n- CVE-2022-31626: fix mysqlnd/pdo password of excessive length triggering buffer overflow leading to RCE\n- CVE-2022-31630: fix OOB read due to insufficient input validation in imageloadfont()\n- CVE-2022-37454: fix buffer overflow in the Keccak XKCP SHA-3 reference implementation\n- CVE-2023-0662: fix DoS vulnerability when parsing multipart request body", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776942343", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776942343" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos-stream8els/advisories/2026/clsa-2026_1776942343.json" } ], "tracking": { "current_release_date": "2026-04-23T11:07:30Z", "generator": { "date": "2026-04-23T11:07:30Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1776942343", "initial_release_date": "2026-04-23T11:07:30Z", "revision_history": [ { "date": "2026-04-23T11:07:30Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "php: Fix of 7 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 8", "product": { "name": "Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:8:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "php:7.2:820260423081423:eb0869e2", "product": { "name": "php:7.2:820260423081423:eb0869e2", "product_id": "php:7.2:820260423081423:eb0869e2", "product_identification_helper": { "purl": "pkg:rpmmod/tuxcare/php@7.2:820260423081423:eb0869e2" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-bcmath@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-pgsql@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-devel@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-mbstring@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-embedded@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-common@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-dba@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-xmlrpc@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-process@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-ldap@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-cli@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-snmp@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-recode@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-fpm@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-opcache@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-mysqlnd@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-soap@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-gmp@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-odbc@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-pdo@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-intl@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-gd@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-enchant@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-json@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-dbg@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product": { "name": "php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_id": "php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/php-xml@7.2.24-1.module_el8%2B2370%2B315044ad.tuxcare.els19?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "php:7.2:820260423081423:eb0869e2 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" }, "product_reference": "php:7.2:820260423081423:eb0869e2", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64" }, "product_reference": "php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "relates_to_product_reference": "CentOS-Stream-8" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-31625", "cwe": { "id": "CWE-590", "name": "Free of Memory not on the Heap" }, "notes": [ { "category": "description", "text": "In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-31625" }, { "category": "external", "summary": "https://bugs.php.net/bug.php?id=81720", "url": "https://bugs.php.net/bug.php?id=81720" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html", "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202209-20", "url": "https://security.gentoo.org/glsa/202209-20" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20220722-0005/", "url": "https://security.netapp.com/advisory/ntap-20220722-0005/" }, { "category": "external", "summary": "https://www.debian.org/security/2022/dsa-5179", "url": "https://www.debian.org/security/2022/dsa-5179" } ], "release_date": "2022-06-16T06:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-23T11:05:45.608992Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776942343", "product_ids": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776942343" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-37454", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-37454" }, { "category": "external", "summary": "https://csrc.nist.gov/projects/hash-functions/sha-3-project", "url": "https://csrc.nist.gov/projects/hash-functions/sha-3-project" }, { "category": "external", "summary": "https://eprint.iacr.org/2023/331", "url": "https://eprint.iacr.org/2023/331" }, { "category": "external", "summary": "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", "url": "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/" }, { "category": "external", "summary": "https://mouha.be/sha-3-buffer-overflow/", "url": "https://mouha.be/sha-3-buffer-overflow/" }, { "category": "external", "summary": "https://news.ycombinator.com/item?id=33281106", "url": "https://news.ycombinator.com/item?id=33281106" }, { "category": "external", "summary": "https://news.ycombinator.com/item?id=35050307", "url": "https://news.ycombinator.com/item?id=35050307" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202305-02", "url": "https://security.gentoo.org/glsa/202305-02" }, { "category": "external", "summary": "https://www.debian.org/security/2022/dsa-5267", "url": "https://www.debian.org/security/2022/dsa-5267" }, { "category": "external", "summary": "https://www.debian.org/security/2022/dsa-5269", "url": "https://www.debian.org/security/2022/dsa-5269" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230203-0001/", "url": "https://security.netapp.com/advisory/ntap-20230203-0001/" } ], "release_date": "2022-10-21T06:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-23T11:05:45.608992Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776942343", "product_ids": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776942343" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2021-21703", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "notes": [ { "category": "description", "text": "In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-21703" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2021/10/26/7", "url": "http://www.openwall.com/lists/oss-security/2021/10/26/7" }, { "category": "external", "summary": "https://bugs.php.net/bug.php?id=81026", "url": "https://bugs.php.net/bug.php?id=81026" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202209-20", "url": "https://security.gentoo.org/glsa/202209-20" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20211118-0003/", "url": "https://security.netapp.com/advisory/ntap-20211118-0003/" }, { "category": "external", "summary": "https://www.debian.org/security/2021/dsa-4992", "url": "https://www.debian.org/security/2021/dsa-4992" }, { "category": "external", "summary": "https://www.debian.org/security/2021/dsa-4993", "url": "https://www.debian.org/security/2021/dsa-4993" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuapr2022.html", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" } ], "release_date": "2021-10-25T06:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-23T11:05:45.608992Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776942343", "product_ids": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776942343" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-0662", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "description", "text": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-0662" }, { "category": "external", "summary": "https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv", "url": "https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230517-0001/", "url": "https://security.netapp.com/advisory/ntap-20230517-0001/" } ], "release_date": "2023-02-16T07:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-23T11:05:45.608992Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776942343", "product_ids": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776942343" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2021-21702", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-21702" }, { "category": "external", "summary": "https://bugs.php.net/bug.php?id=80672", "url": "https://bugs.php.net/bug.php?id=80672" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202105-23", "url": "https://security.gentoo.org/glsa/202105-23" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20210312-0005/", "url": "https://security.netapp.com/advisory/ntap-20210312-0005/" }, { "category": "external", "summary": "https://www.debian.org/security/2021/dsa-4856", "url": "https://www.debian.org/security/2021/dsa-4856" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuoct2021.html", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "category": "external", "summary": "https://www.tenable.com/security/tns-2021-14", "url": "https://www.tenable.com/security/tns-2021-14" } ], "release_date": "2021-02-15T04:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-23T11:05:45.608992Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776942343", "product_ids": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776942343" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-31626", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" }, "notes": [ { "category": "description", "text": "In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-31626" }, { "category": "external", "summary": "https://bugs.php.net/bug.php?id=81719", "url": "https://bugs.php.net/bug.php?id=81719" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html", "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202209-20", "url": "https://security.gentoo.org/glsa/202209-20" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20220722-0005/", "url": "https://security.netapp.com/advisory/ntap-20220722-0005/" }, { "category": "external", "summary": "https://www.debian.org/security/2022/dsa-5179", "url": "https://www.debian.org/security/2022/dsa-5179" } ], "release_date": "2022-06-16T06:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-23T11:05:45.608992Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776942343", "product_ids": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776942343" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-31630", "cwe": { "id": "CWE-131", "name": "Incorrect Calculation of Buffer Size" }, "notes": [ { "category": "description", "text": "In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. ", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-31630" }, { "category": "external", "summary": "https://bugs.php.net/bug.php?id=81739", "url": "https://bugs.php.net/bug.php?id=81739" } ], "release_date": "2022-11-14T07:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-23T11:05:45.608992Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776942343", "product_ids": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776942343" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:php-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-bcmath-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-cli-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-common-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dba-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-dbg-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-devel-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-embedded-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-enchant-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-fpm-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-gmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-intl-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-json-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-ldap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mbstring-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-mysqlnd-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-odbc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-opcache-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pdo-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-pgsql-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-process-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-recode-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-snmp-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-soap-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xml-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php-xmlrpc-0:7.2.24-1.module_el8+2370+315044ad.tuxcare.els19.x86_64", "CentOS-Stream-8:php:7.2:820260423081423:eb0869e2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }