Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-0567

Опубликовано: 01 мар. 2023
Источник: ubuntu
Приоритет: medium
CVSS3: 7.7

Описание

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.

РелизСтатусПримечание
bionic

DNE

esm-infra-legacy/trusty

needs-triage

esm-infra/focal

DNE

focal

DNE

jammy

DNE

kinetic

DNE

trusty

ignored

end of standard support
trusty/esm

ignored

end of ESM support, was needs-triage
upstream

needs-triage

xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

esm-infra/focal

DNE

esm-infra/xenial

released

7.0.33-0ubuntu0.16.04.16+esm6
focal

DNE

jammy

DNE

kinetic

DNE

trusty

DNE

upstream

released

8.0.28, 8.1.16, 8.2.3
xenial

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

released

7.2.24-0ubuntu0.18.04.17
esm-infra/bionic

not-affected

7.2.24-0ubuntu0.18.04.17
esm-infra/focal

DNE

focal

DNE

jammy

DNE

kinetic

DNE

trusty

DNE

upstream

needs-triage

xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

esm-infra/focal

not-affected

7.4.3-4ubuntu2.18
focal

released

7.4.3-4ubuntu2.18
jammy

DNE

kinetic

DNE

trusty

DNE

upstream

needs-triage

xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

released

8.1.2-1ubuntu2.11
kinetic

released

8.1.7-1ubuntu3.3
lunar

released

8.1.12-1ubuntu4
mantic

DNE

noble

DNE

oracular

DNE

Показывать по

Ссылки на источники

7.7 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2023-0567

CVSS3: 5.3
redhat
больше 2 лет назад

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. 

nvd логотип

CVE-2023-0567

CVSS3: 7.7
nvd
больше 2 лет назад

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. 

msrc логотип

CVE-2023-0567

CVSS3: 6.2
msrc
больше 2 лет назад

Описание отсутствует

debian логотип

CVE-2023-0567

CVSS3: 7.7
debian
больше 2 лет назад

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ...

github логотип

GHSA-7fj2-8x79-rjf4

github
больше 2 лет назад

BCrypt hashes erroneously validate if the salt is cut short by `$`

7.7 High

CVSS3

Уязвимость CVE-2023-0567