Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2023-0567 CVE-2023-0662

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567) In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)

Source

ALASPHP8.0-2023-002

Amazon Linux 2 Security Advisory: ALASPHP8.0-2023-002
Advisory Release Date: 2023-08-21 21:00 Pacific
Advisory Updated Date: 2023-09-13 19:32 Pacific

Severity: Important

References: CVE-2023-0567 CVE-2023-0662
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)

Affected Packages:

php

Issue Correction:
Run yum update php to update your system.

New Packages:

aarch64:
    php-8.0.28-1.amzn2.aarch64
    php-cli-8.0.28-1.amzn2.aarch64
    php-dbg-8.0.28-1.amzn2.aarch64
    php-fpm-8.0.28-1.amzn2.aarch64
    php-common-8.0.28-1.amzn2.aarch64
    php-devel-8.0.28-1.amzn2.aarch64
    php-opcache-8.0.28-1.amzn2.aarch64
    php-ldap-8.0.28-1.amzn2.aarch64
    php-pdo-8.0.28-1.amzn2.aarch64
    php-mysqlnd-8.0.28-1.amzn2.aarch64
    php-pgsql-8.0.28-1.amzn2.aarch64
    php-process-8.0.28-1.amzn2.aarch64
    php-odbc-8.0.28-1.amzn2.aarch64
    php-soap-8.0.28-1.amzn2.aarch64
    php-snmp-8.0.28-1.amzn2.aarch64
    php-xml-8.0.28-1.amzn2.aarch64
    php-mbstring-8.0.28-1.amzn2.aarch64
    php-gd-8.0.28-1.amzn2.aarch64
    php-bcmath-8.0.28-1.amzn2.aarch64
    php-gmp-8.0.28-1.amzn2.aarch64
    php-dba-8.0.28-1.amzn2.aarch64
    php-embedded-8.0.28-1.amzn2.aarch64
    php-pspell-8.0.28-1.amzn2.aarch64
    php-intl-8.0.28-1.amzn2.aarch64
    php-enchant-8.0.28-1.amzn2.aarch64
    php-sodium-8.0.28-1.amzn2.aarch64
    php-debuginfo-8.0.28-1.amzn2.aarch64

src:
    php-8.0.28-1.amzn2.src

x86_64:
    php-8.0.28-1.amzn2.x86_64
    php-cli-8.0.28-1.amzn2.x86_64
    php-dbg-8.0.28-1.amzn2.x86_64
    php-fpm-8.0.28-1.amzn2.x86_64
    php-common-8.0.28-1.amzn2.x86_64
    php-devel-8.0.28-1.amzn2.x86_64
    php-opcache-8.0.28-1.amzn2.x86_64
    php-ldap-8.0.28-1.amzn2.x86_64
    php-pdo-8.0.28-1.amzn2.x86_64
    php-mysqlnd-8.0.28-1.amzn2.x86_64
    php-pgsql-8.0.28-1.amzn2.x86_64
    php-process-8.0.28-1.amzn2.x86_64
    php-odbc-8.0.28-1.amzn2.x86_64
    php-soap-8.0.28-1.amzn2.x86_64
    php-snmp-8.0.28-1.amzn2.x86_64
    php-xml-8.0.28-1.amzn2.x86_64
    php-mbstring-8.0.28-1.amzn2.x86_64
    php-gd-8.0.28-1.amzn2.x86_64
    php-bcmath-8.0.28-1.amzn2.x86_64
    php-gmp-8.0.28-1.amzn2.x86_64
    php-dba-8.0.28-1.amzn2.x86_64
    php-embedded-8.0.28-1.amzn2.x86_64
    php-pspell-8.0.28-1.amzn2.x86_64
    php-intl-8.0.28-1.amzn2.x86_64
    php-enchant-8.0.28-1.amzn2.x86_64
    php-sodium-8.0.28-1.amzn2.x86_64
    php-debuginfo-8.0.28-1.amzn2.x86_64

Additional References

Red Hat: CVE-2023-0567, CVE-2023-0662

Mitre: CVE-2023-0567, CVE-2023-0662

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALASPHP8.0-2023-002

ALASPHP8.0-2023-002

Additional References

Vulmon Search

About

Products

Connect