CVE-2022-4900 - OpenCVE

A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Linux Software Collections
Php	Php

Configuration 1 [-]

AND

cpe:2.3:a:php:php:-:*:*:*:*:*:*:*

cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:php:php:8.1.0:-:*:*:*:*:*:*

cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:a:php:php:8.0.0:-:*:*:*:*:*:*

cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:a:php:php:7.4.0:-:*:*:*:*:*:*

cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:a:php:php:-:*:*:*:*:*:*:*

cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:a:php:php:-:*:*:*:*:*:*:*

cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:a:php:php:-:*:*:*:*:*:*:*

cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2022-4900	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2179880	Issue Tracking
https://security.netapp.com/advisory/ntap-20231130-0008/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2023-11-02T15:01:28.590Z

Updated: 2023-11-02T15:01:28.590Z

Reserved: 2023-01-31T10:50:33.011Z

Link: CVE-2022-4900

JSON object: View

NVD Information

Status : Modified

Published: 2023-11-02T16:15:08.700

Modified: 2023-11-30T22:15:07.600

Link: CVE-2022-4900

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-4900", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-01-31T10:50:33.011Z", "datePublished": "2023-11-02T15:01:28.590Z", "dateUpdated": "2023-11-02T15:01:28.590Z"}, "containers": {"cna": {"title": "Potential buffer overflow in php_cli_server_startup_workers", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow."}], "affected": [{"product": "php", "vendor": "n/a", "versions": [{"version": "8.0.22", "status": "unaffected"}]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "php", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "php", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "php:7.4/php", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "php:8.0/php", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "php", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "php:8.1/php", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Software Collections", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-php73-php", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:rhel_software_collections:3"]}, {"product": "Fedora", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "php", "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2022-4900", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179880", "name": "RHBZ#2179880", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://security.netapp.com/advisory/ntap-20231130-0008/"}], "datePublic": "2022-07-13T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "timeline": [{"lang": "en", "time": "2023-01-31T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2022-07-13T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-11-02T15:01:28.590Z"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:-:*:*:*:*:*:*:*", "matchCriteriaId": "029B5A37-BA8D-4FEC-BE90-856BB9D0D0E1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*", "matchCriteriaId": "749804DA-4B27-492A-9ABA-6BB562A6B3AC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:8.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "58C21C07-1325-481A-A042-9806E0309013", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E66F7BF0-EF7C-4695-9D67-7C1A01C6F9B9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:8.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "6CC80B03-CD93-4B0F-91DC-21BCF9BA42C5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:7.4.0:-:*:*:*:*:*:*", "matchCriteriaId": "A7F66C34-5BF9-4EFC-AAB0-A2E3716F4FB8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:-:*:*:*:*:*:*:*", "matchCriteriaId": "029B5A37-BA8D-4FEC-BE90-856BB9D0D0E1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2DFA94D5-0139-490C-8257-0751FE9FBAE4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:-:*:*:*:*:*:*:*", "matchCriteriaId": "029B5A37-BA8D-4FEC-BE90-856BB9D0D0E1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:-:*:*:*:*:*:*:*", "matchCriteriaId": "029B5A37-BA8D-4FEC-BE90-856BB9D0D0E1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E66F7BF0-EF7C-4695-9D67-7C1A01C6F9B9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en PHP donde establecer la variable de entorno PHP_CLI_SERVER_WORKERS en un valor grande provoca un desbordamiento del b\u00fafer del heap."}], "id": "CVE-2022-4900", "lastModified": "2023-11-30T22:15:07.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2023-11-02T16:15:08.700", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-4900"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179880"}, {"source": "secalert@redhat.com", "url": "https://security.netapp.com/advisory/ntap-20231130-0008/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "secalert@redhat.com", "type": "Secondary"}]}