CVE-2023-0568
Summary
| CVE | CVE-2023-0568 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-02-16 07:15:00 UTC |
| Updated | 2023-05-17 20:15:00 UTC |
| Description | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. |
Risk And Classification
Problem Types: CWE-770
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| February 2023 PHP Vulnerabilities in NetApp Products | NetApp Product Security | MISC | security.netapp.com | |
| PHP :: Sec Bug #81746 :: 1-byte array overrun in common path resolve code | MISC | bugs.php.net | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 150653 PHP Incorrect Calculation of Buffer Size Vulnerability (CVE-2023-0568)
- 161008 Oracle Enterprise Linux Security Update for Hypertext Preprocessor (PHP) (ELSA-2023-5926)
- 161015 Oracle Enterprise Linux Security Update for php:8.0 (ELSA-2023-5927)
- 161313 Oracle Enterprise Linux Security Update for php:8.1 (ELSA-2024-0387)
- 181613 Debian Security Update for php7.3 (DLA 3345-1)
- 181663 Debian Security Update for php7.4 (DSA 5363-1)
- 181911 Debian Security Update for php8.2 (CVE-2023-0568)
- 199197 Ubuntu Security Notification for Hypertext Preprocessor (PHP) Vulnerabilities (USN-5902-1)
- 199545 Ubuntu Security Notification for Hypertext Preprocessor (PHP) Vulnerabilities (USN-5905-1)
- 242223 Red Hat Update for Hypertext Preprocessor (PHP) (RHSA-2023:5926)
- 242227 Red Hat Update for php:8.0 (RHSA-2023:5927)
- 242739 Red Hat Update for php:8.1 (RHSA-2024:0387)
- 283742 Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2023-d12ff09d38)
- 283743 Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2023-452714dbc6)
- 355229 Amazon Linux Security Advisory for php8.1 : ALAS2023-2023-139
- 38890 Hypertext Preprocessor (PHP) Security Update (81746)
- 502663 Alpine Linux Security Update for php8
- 502679 Alpine Linux Security Update for php81
- 502708 Alpine Linux Security Update for php7
- 502911 Alpine Linux Security Update for php81
- 503215 Alpine Linux Security Update for php82
- 505790 Alpine Linux Security Update for php81
- 506155 Alpine Linux Security Update for php82
- 673101 EulerOS Security Update for Hypertext Preprocessor (PHP) (EulerOS-SA-2023-2196)
- 753778 SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2023:0476-1)
- 753786 SUSE Enterprise Linux Security Update for php74 (SUSE-SU-2023:0515-1)
- 753787 SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2023:0514-1)
- 905570 Common Base Linux Mariner (CBL-Mariner) Security Update for Hypertext Preprocessor (PHP) (13587)
- 906531 Common Base Linux Mariner (CBL-Mariner) Security Update for Hypertext Preprocessor (PHP) (13587-1)
- 906643 Common Base Linux Mariner (CBL-Mariner) Security Update for Hypertext Preprocessor (PHP) (13587-3)
- 941313 AlmaLinux Security Update for php:8.0 (ALSA-2023:5927)
- 941321 AlmaLinux Security Update for Hypertext Preprocessor (PHP) (ALSA-2023:5926)
- 941553 AlmaLinux Security Update for php:8.1 (ALSA-2024:0387)
- 961052 Rocky Linux Security Update for Hypertext Preprocessor (PHP) (RLSA-2023:5926)
- 961062 Rocky Linux Security Update for php:8.0 (RLSA-2023:5927)
- 961115 Rocky Linux Security Update for php:8.1 (RLSA-2024:0387)