CVE-2022-4900
Summary
A heap buffer overflow vulnerability (CVE-2022-4900) has been identified in PHP. This flaw occurs when the PHP_CLI_SERVER_WORKERS environment variable is set to an excessively large value.
IFF Assessment
FOE
The identified vulnerability, a heap buffer overflow, can be exploited by attackers to compromise systems running vulnerable versions of PHP.
Severity
6.2
Medium
Defender Context
This vulnerability in PHP's CLI server poses a significant risk as it can lead to a heap buffer overflow, potentially allowing for remote code execution or denial-of-service attacks. Defenders should prioritize patching affected PHP installations and monitor for any unusual activity related to the PHP_CLI_SERVER_WORKERS environment variable.