
CVE-2022-31628: CWE-674 Uncontrolled Recursion in PHP Group PHP

Severity: Low
Tags: Vulnerability, CVE-2022-31628, CWE-674
Published: Wed Sep 28 2022 (09/28/2022, 22:25:09 UTC)
Source: CVE
Vendor/Project: PHP Group
Product: PHP

Description

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

AI-Powered Analysis

AI analysis last updated: 07/06/2025, 06:12:37 UTC

Technical Analysis

CVE-2022-31628 is a vulnerability in the PHP programming language, specifically in the phar (PHP Archive) uncompressor component of PHP versions prior to 7.4.31, 8.0.24, and 8.1.11. The issue arises from uncontrolled recursion when processing specially crafted gzip files known as "quines." In general, a quine is a program that outputs its own source code; a gzip quine is the analogous construct for compressed data, a gzip stream whose decompressed output is byte-identical to the compressed input. An uncompressor that re-examines its own output and decompresses again whenever that output still looks compressed therefore never reaches a fixed point and loops indefinitely. The result is resource exhaustion (CPU and memory consumption), effectively a denial-of-service (DoS) condition. The vulnerability is classified under CWE-674 (Uncontrolled Recursion): the recursion depth is neither bounded nor checked, so an attacker can trigger an unbounded number of recursive calls. The CVSS v3.1 base score is 2.3, reflecting low severity primarily because exploitation requires local access with high privileges (PR:H) and no user interaction, and the impact is limited to availability (denial of service) without compromising confidentiality or integrity. There are no known exploits in the wild, and no official patches were linked in the provided data, though PHP versions 7.4.31, 8.0.24, and 8.1.11 include fixes. The vulnerability could be triggered by an attacker who can supply malicious phar archives to a PHP application that uses the phar uncompressor, potentially causing service disruption.

Potential Impact

For European organizations, the primary impact of this vulnerability is the risk of denial-of-service attacks against PHP-based applications that handle phar archives, particularly those that decompress gzip files. Such applications could become unresponsive or crash, leading to downtime and disruption of business operations. While the vulnerability does not allow data theft or code execution, the availability impact can be significant for critical web services, internal tools, or APIs that rely on vulnerable PHP versions. Organizations in sectors with a high reliance on PHP applications, such as e-commerce, government portals, and financial services, may experience service degradation or outages if it is exploited. The requirement for local high-privilege access reduces the likelihood of remote exploitation, but insider threats or compromised accounts could still leverage this vulnerability. Additionally, automated systems or CI/CD pipelines that process phar archives might be affected, causing operational delays. The low CVSS score reflects the limited impact scope, but availability disruptions can still have reputational and financial consequences.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Upgrade PHP installations to versions 7.4.31, 8.0.24, or 8.1.11 or later, where the issue is resolved.
2) Audit and restrict the use of phar archives in applications, especially those that decompress gzip files, to minimize exposure.
3) Implement strict input validation and sanitization for any user-supplied archive files to prevent malicious payloads.
4) Limit local high-privilege access to trusted users and enforce the principle of least privilege to reduce the risk of exploitation.
5) Monitor application logs and system resource usage for unusual spikes that could indicate recursive decompression attempts.
6) Consider disabling phar stream wrappers if they are not required by the application, to reduce the attack surface.
7) Employ runtime application self-protection (RASP) or web application firewalls (WAFs) with custom rules to detect and block suspicious archive processing behaviors.
8) Conduct regular security assessments and penetration tests focusing on archive handling components.
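The failure mode described in the technical analysis (an uncompressor that keeps decompressing its own output and never terminates on a gzip quine) and the bounded-recursion and monitoring points in the mitigation list can both be shown in a few lines. The following is an added example written for this page; it is not PHP's phar code and does not reproduce the actual fix. It models a nested-gzip unpacker with two guards the vulnerable code lacked: a hard cap on the number of layers (the `MAX_LAYERS` value is an assumption) and a fixed-point check that stops as soon as a decompression step returns the exact bytes it was given. Building a real gzip quine is outside the scope of this example, so the quine case is exercised with a stand-in decompressor that returns its input unchanged; the nested archives are constructed inline.

```python
"""Bounded nested-gzip decompression (added example, not PHP project code).

Models the CVE-2022-31628 failure mode: an unpacker that re-decompresses
whenever its output still looks like gzip never terminates on a gzip quine
(a stream whose decompressed output equals the compressed input). The two
guards below, a layer cap and a fixed-point check, make the loop finite.
"""
import gzip
import zlib
from typing import Callable, Tuple

GZIP_MAGIC = b"\x1f\x8b"
MAX_LAYERS = 8  # assumption: generous cap for legitimately nested archives

Decompressor = Callable[[bytes], bytes]


def is_gzip(data: bytes) -> bool:
    """True if the buffer starts with the gzip magic bytes."""
    return data[:2] == GZIP_MAGIC


def check_archive(data: bytes, max_layers: int = MAX_LAYERS,
                  decompress: Decompressor = gzip.decompress) -> Tuple[str, int, bytes]:
    """Peel gzip layers with bounded recursion.

    Returns (verdict, layers_peeled, payload) where verdict is one of
    "ok", "too_deep", "quine" or "corrupt". Never raises on bad input, so a
    caller can log the verdict (mitigation item 5) and reject the archive.
    """
    layers = 0
    current = data
    while is_gzip(current):
        if layers >= max_layers:
            # Guard 1: hard depth limit (what CWE-674 code is missing).
            return "too_deep", layers, current
        try:
            nxt = decompress(current)
        except (OSError, EOFError, zlib.error):
            return "corrupt", layers, current
        if nxt == current:
            # Guard 2: fixed point reached; the stream reproduces itself,
            # so looping again can only repeat this step forever.
            return "quine", layers, current
        current = nxt
        layers += 1
    return "ok", layers, current


def nest_gzip(payload: bytes, depth: int) -> bytes:
    """Constructed test input: wrap payload in `depth` gzip layers."""
    out = payload
    for _ in range(depth):
        out = gzip.compress(out, mtime=0)
    return out


def simulated_quine_decompress(data: bytes) -> bytes:
    """Stand-in for decompressing a real gzip quine: output == input."""
    return data


if __name__ == "__main__":
    # Constructed inputs, labelled as such; nothing here is a real artifact.
    print(check_archive(nest_gzip(b"hello phar", 3))[:2])            # ('ok', 3)
    print(check_archive(nest_gzip(b"x", 12), max_layers=5)[:2])       # ('too_deep', 5)
    print(check_archive(GZIP_MAGIC + b"fake-quine",
                        decompress=simulated_quine_decompress)[:2])  # ('quine', 0)
    print(check_archive(b"\x1f\x8b\x08garbage")[:2])                 # ('corrupt', 0)
```

Either guard alone is enough to terminate; keeping both gives a clearer log signal, because "quine" and "too_deep" verdicts point at different kinds of malformed input, which is useful when tuning the monitoring rules in item 5 and the WAF/RASP rules in item 7.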


Technical Details

Data Version: 5.1
Assigner Short Name: php
Date Reserved: 2022-05-25T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d6c76d4f2164cc92430d9

Added to database: 5/21/2025, 6:02:30 AM

Last enriched: 7/6/2025, 6:12:37 AM

Last updated: 8/13/2025, 10:05:56 AM

