CVE-2022-31631 Affecting libzip-tools package, versions <0:1.6.1-1.module+el8.3.0+7685+72d70b58


Severity

Recommended
medium

Based on Oracle Linux security rating.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ORACLE8-LIBZIPTOOLS-3329884
  • published23 Feb 2023
  • disclosed12 Feb 2025

Introduced: 23 Feb 2023

CVE-2022-31631  (opens in a new tab)

How to fix?

Upgrade Oracle:8 libzip-tools to version 0:1.6.1-1.module+el8.3.0+7685+72d70b58 or higher.
This issue was patched in ELSA-2023-2903.

NVD Description

Note: Versions mentioned in the description apply only to the upstream libzip-tools package and not the libzip-tools package as distributed by Oracle. See How to fix? for Oracle:8 relevant fixed versions and status.

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.

CVSS Scores

version 3.1