Vulnerability CVE-2023-0568: Information

Description

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the core path resolution function allocates a buffer one byte too small. When resolving paths with lengths close to the system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with a NUL value, which might lead to unauthorized data access or modification.

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: Feb. 16, 2023
Modified: May 17, 2023
Error type identifier: CWE-770

Fixed packages

Package name  Branch            Fixed in version  Version from repository  Errata ID            Task #  State
php8.0        sisyphus_mipsel   8.0.28-alt1       8.0.28-alt1              ALT-PU-2023-2718-1   -       Fixed
php8.0        p10               8.0.28-alt1       8.0.30-alt1              ALT-PU-2023-1319-1   315278  Fixed
php8.0        p10_e2k           8.0.28-alt1       8.0.30-alt1              ALT-PU-2023-2679-1   -       Fixed
php8.0        c10f1             8.0.28-alt1       8.0.30-alt1              ALT-PU-2023-1319-1   315278  Fixed
php8.1        sisyphus          8.1.16-alt1       8.1.28-alt1              ALT-PU-2023-1256-1   315260  Fixed
php8.1        sisyphus_e2k      8.1.16-alt1       8.1.28-alt1              ALT-PU-2023-2563-1   -       Fixed
php8.1        sisyphus_mipsel   8.1.16-alt1       8.1.27-alt1              ALT-PU-2023-2565-1   -       Fixed
php8.1        sisyphus_riscv64  8.1.16-alt1       8.1.28-alt1              ALT-PU-2023-2569-1   -       Fixed
php8.1        p10               8.1.16-alt1       8.1.28-alt1              ALT-PU-2023-1284-1   315276  Fixed
php8.1        p10_e2k           8.1.16-alt1       8.1.28-alt1              ALT-PU-2023-2607-1   -       Fixed
php8.1        c10f1             8.1.16-alt1       8.1.28-alt1              ALT-PU-2023-1284-1   315276  Fixed
php8.1        c9f2              8.1.16-alt1       8.1.16-alt1              ALT-PU-2023-1275-1   315279  Fixed
php8.2        sisyphus          8.2.3-alt1        8.2.18-alt1              ALT-PU-2023-1246-1   315241  Fixed
php8.2        sisyphus_e2k      8.2.3-alt1        8.2.18-alt1              ALT-PU-2023-2547-1   -       Fixed
php8.2        p10               8.2.3-alt1        8.2.18-alt1              ALT-PU-2023-1246-1   315241  Fixed

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
      Start including: 8.2.0
      End excluding: 8.2.3

      cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
      Start including: 8.1.0
      End excluding: 8.1.16

      cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
      Start including: 8.0.0
      End excluding: 8.0.28