Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2022-37454) (Multiple Advisories): php:7.4 security update

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Oracle Linux: (CVE-2022-37454) (Multiple Advisories): php:7.4 security update

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

10/21/2022

Created

02/24/2023

Added

02/23/2023

Modified

05/24/2023

Description

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

Solution(s)

oracle-linux-upgrade-apcu-panel
oracle-linux-upgrade-libzip
oracle-linux-upgrade-libzip-devel
oracle-linux-upgrade-libzip-tools
oracle-linux-upgrade-php
oracle-linux-upgrade-php-bcmath
oracle-linux-upgrade-php-cli
oracle-linux-upgrade-php-common
oracle-linux-upgrade-php-dba
oracle-linux-upgrade-php-dbg
oracle-linux-upgrade-php-devel
oracle-linux-upgrade-php-embedded
oracle-linux-upgrade-php-enchant
oracle-linux-upgrade-php-ffi
oracle-linux-upgrade-php-fpm
oracle-linux-upgrade-php-gd
oracle-linux-upgrade-php-gmp
oracle-linux-upgrade-php-intl
oracle-linux-upgrade-php-json
oracle-linux-upgrade-php-ldap
oracle-linux-upgrade-php-mbstring
oracle-linux-upgrade-php-mysqlnd
oracle-linux-upgrade-php-odbc
oracle-linux-upgrade-php-opcache
oracle-linux-upgrade-php-pdo
oracle-linux-upgrade-php-pear
oracle-linux-upgrade-php-pecl-apcu
oracle-linux-upgrade-php-pecl-apcu-devel
oracle-linux-upgrade-php-pecl-rrd
oracle-linux-upgrade-php-pecl-xdebug
oracle-linux-upgrade-php-pecl-xdebug3
oracle-linux-upgrade-php-pecl-zip
oracle-linux-upgrade-php-pgsql
oracle-linux-upgrade-php-process
oracle-linux-upgrade-php-snmp
oracle-linux-upgrade-php-soap
oracle-linux-upgrade-php-xml
oracle-linux-upgrade-php-xmlrpc

References

ELSA-2023-2903
CVE-2022-37454
USN-5717-1
USN-5767-1

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2022-37454) (Multiple Advisories): php:7.4 security update

Oracle Linux: (CVE-2022-37454) (Multiple Advisories): php:7.4 security update

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.