Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-0568

Опубликовано: 15 фев. 2023
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.

A vulnerability was found in PHP. This security issue occurs because the core path resolution function allocates a buffer one byte small. Resolving paths with lengths close to the system MAXPATHLEN setting may lead to the byte after the allocated buffer being overwritten with a NULL value, which might lead to unauthorized data access or modification.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6phpOut of support scope
Red Hat Enterprise Linux 7phpOut of support scope
Red Hat Enterprise Linux 8phpWill not fix
Red Hat Enterprise Linux 8phpFixedRHSA-2023:592719.10.2023
Red Hat Enterprise Linux 8phpFixedRHSA-2024:1095211.12.2024
Red Hat Enterprise Linux 9phpFixedRHSA-2023:592619.10.2023
Red Hat Enterprise Linux 9phpFixedRHSA-2024:038724.01.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-770->CWE-131
https://bugzilla.redhat.com/show_bug.cgi?id=2170770php: 1-byte array overrun in common path resolve code

EPSS

Процентиль: 33%
0.00123
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-0568

CVSS3: 7.5
ubuntu
больше 2 лет назад

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.

nvd логотип

CVE-2023-0568

CVSS3: 7.5
nvd
больше 2 лет назад

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.

msrc логотип

CVE-2023-0568

CVSS3: 8.1
msrc
больше 2 лет назад

Описание отсутствует

debian логотип

CVE-2023-0568

CVSS3: 7.5
debian
больше 2 лет назад

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ...

github логотип

GHSA-6gqv-38q3-6c47

CVSS3: 9.8
github
больше 2 лет назад

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.

EPSS

Процентиль: 33%
0.00123
Низкий

7.5 High

CVSS3