14 lines
1.3 KiB
JSON
14 lines
1.3 KiB
JSON
{
|
|
"id": "openEuler-SA-2022-2137",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2137",
|
|
"title": "An update for php is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
|
|
"severity": "Critical",
|
|
"description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.\r\n\r\nSecurity Fix(es):\r\n\r\nThe Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.(CVE-2022-37454)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2022-37454",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37454",
|
|
"severity": "Critical"
|
|
}
|
|
]
|
|
} |