Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.1
CVSSv3

CVE-2023-0568

Published: 16/02/2023 Updated: 17/05/2023
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 0
Subscribe to Php

Vulnerability Summary

In PHP 8.0.X prior to 8.0.28, 8.1.X prior to 8.1.16 and 8.2.X prior to 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. 

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

php php

Vendor Advisories

Debian CVElist Bug Report Logs: php8.2: CVE-2023-0567 CVE-2023-0568 CVE-2023-0662
Debian Bug report logs - #1031368 php82: CVE-2023-0567 CVE-2023-0568 CVE-2023-0662 Package: src:php82; Maintainer for src:php82 is Debian PHP Maintainers <team+pkg-php@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 15 Feb 2023 21:30:02 UTC Severity: grave Tags: security, upst ...
Red Hat: Important: php security update
Synopsis Important: php security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for php is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a security ...
Red Hat: Important: php:8.0 security update
Synopsis Important: php:80 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the php:80 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update a ...
Red Hat: Moderate: php:8.1 security update
Synopsis Moderate: php:81 security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the php:81 module is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as ...
Debian Security Advisories: DSA-5363-1 php7.4 -- security update
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service or incorrect validation of BCrypt hashes For the stable distribution (bullseye), these problems have been fixed in version 7433-1+deb11u3 We recommend that you upgrade your php74 packages For the det ...
Red Hat:
DescriptionThe MITRE CVE dictionary describes this issue as: In PHP 80X before 8028, 81X before 8116 and 82X before 823, core path resolution function allocate buffer one byte too small When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL v ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/0600b443ff4393d097c485fbc8d3ed3b
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-770https://bugs.php.net/bug.php?id=81746https://security.netapp.com/advisory/ntap-20230517-0001/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368https://www.debian.org/security/2023/dsa-5363https://nvd.nist.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120CVE-2024-35921CVE-2024-35874brute forceCVE-2024-36080unprivilegedCVE-2024-35917IDORCVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook