{"api_version":"1","generated_at":"2026-04-22T23:09:26+00:00","cve":"CVE-2023-0662","urls":{"html":"https://cve.report/CVE-2023-0662","api":"https://cve.report/api/cve/CVE-2023-0662.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-0662","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-0662"},"summary":{"title":"CVE-2023-0662","description":"In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. ","state":"PUBLIC","assigner":"security@php.net","published_at":"2023-02-16 07:15:00","updated_at":"2023-05-17 20:15:00"},"problem_types":["CWE-400"],"metrics":[],"references":[{"url":"https://security.netapp.com/advisory/ntap-20230517-0001/","name":"https://security.netapp.com/advisory/ntap-20230517-0001/","refsource":"MISC","tags":[],"title":"February 2023 PHP Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv","name":"https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv","refsource":"MISC","tags":[],"title":"DoS vulnerability when parsing multipart request body · Advisory · php/php-src · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-0662","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0662","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"662","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"php","cpe5":"php","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-0662","qid":"150654","title":"PHP Denial of Service Vulnerability (CVE-2023-0662)"},{"cve":"CVE-2023-0662","qid":"161008","title":"Oracle Enterprise Linux Security Update for Hypertext Preprocessor (PHP) (ELSA-2023-5926)"},{"cve":"CVE-2023-0662","qid":"161015","title":"Oracle Enterprise Linux Security Update for php:8.0 (ELSA-2023-5927)"},{"cve":"CVE-2023-0662","qid":"161313","title":"Oracle Enterprise Linux Security Update for php:8.1 (ELSA-2024-0387)"},{"cve":"CVE-2023-0662","qid":"181613","title":"Debian Security Update for php7.3 (DLA 3345-1)"},{"cve":"CVE-2023-0662","qid":"181663","title":"Debian Security Update for php7.4 (DSA 5363-1)"},{"cve":"CVE-2023-0662","qid":"182920","title":"Debian Security Update for php8.2 (CVE-2023-0662)"},{"cve":"CVE-2023-0662","qid":"199197","title":"Ubuntu Security Notification for Hypertext Preprocessor (PHP) Vulnerabilities (USN-5902-1)"},{"cve":"CVE-2023-0662","qid":"199545","title":"Ubuntu Security Notification for Hypertext Preprocessor (PHP) Vulnerabilities (USN-5905-1)"},{"cve":"CVE-2023-0662","qid":"242223","title":"Red Hat Update for Hypertext Preprocessor (PHP) (RHSA-2023:5926)"},{"cve":"CVE-2023-0662","qid":"242227","title":"Red Hat Update for php:8.0 (RHSA-2023:5927)"},{"cve":"CVE-2023-0662","qid":"242739","title":"Red Hat Update for php:8.1 (RHSA-2024:0387)"},{"cve":"CVE-2023-0662","qid":"283742","title":"Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2023-d12ff09d38)"},{"cve":"CVE-2023-0662","qid":"283743","title":"Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2023-452714dbc6)"},{"cve":"CVE-2023-0662","qid":"355229","title":"Amazon Linux Security Advisory for php8.1 : ALAS2023-2023-139"},{"cve":"CVE-2023-0662","qid":"356062","title":"Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.1-2023-002"},{"cve":"CVE-2023-0662","qid":"356064","title":"Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.0-2023-002"},{"cve":"CVE-2023-0662","qid":"356074","title":"Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.2-2023-001"},{"cve":"CVE-2023-0662","qid":"356077","title":"Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.2-2023-001"},{"cve":"CVE-2023-0662","qid":"356082","title":"Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.0-2023-002"},{"cve":"CVE-2023-0662","qid":"356090","title":"Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALAS2PHP8.1-2023-002"},{"cve":"CVE-2023-0662","qid":"356546","title":"Amazon Linux Security Advisory for php56 : ALAS-2023-1879"},{"cve":"CVE-2023-0662","qid":"356771","title":"Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALAS2-2023-2375"},{"cve":"CVE-2023-0662","qid":"502663","title":"Alpine Linux Security Update for php8"},{"cve":"CVE-2023-0662","qid":"502679","title":"Alpine Linux Security Update for php81"},{"cve":"CVE-2023-0662","qid":"502708","title":"Alpine Linux Security Update for php7"},{"cve":"CVE-2023-0662","qid":"502911","title":"Alpine Linux Security Update for php81"},{"cve":"CVE-2023-0662","qid":"503215","title":"Alpine Linux Security Update for php82"},{"cve":"CVE-2023-0662","qid":"505790","title":"Alpine Linux Security Update for php81"},{"cve":"CVE-2023-0662","qid":"506155","title":"Alpine Linux Security Update for php82"},{"cve":"CVE-2023-0662","qid":"673101","title":"EulerOS Security Update for Hypertext Preprocessor (PHP) (EulerOS-SA-2023-2196)"},{"cve":"CVE-2023-0662","qid":"753778","title":"SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2023:0476-1)"},{"cve":"CVE-2023-0662","qid":"753786","title":"SUSE Enterprise Linux Security Update for php74 (SUSE-SU-2023:0515-1)"},{"cve":"CVE-2023-0662","qid":"753787","title":"SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2023:0514-1)"},{"cve":"CVE-2023-0662","qid":"905576","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for Hypertext Preprocessor (PHP) (13605)"},{"cve":"CVE-2023-0662","qid":"906530","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for Hypertext Preprocessor (PHP) (13605-1)"},{"cve":"CVE-2023-0662","qid":"906644","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for Hypertext Preprocessor (PHP) (13605-3)"},{"cve":"CVE-2023-0662","qid":"941313","title":"AlmaLinux Security Update for php:8.0 (ALSA-2023:5927)"},{"cve":"CVE-2023-0662","qid":"941321","title":"AlmaLinux Security Update for Hypertext Preprocessor (PHP) (ALSA-2023:5926)"},{"cve":"CVE-2023-0662","qid":"941553","title":"AlmaLinux Security Update for php:8.1 (ALSA-2024:0387)"},{"cve":"CVE-2023-0662","qid":"961052","title":"Rocky Linux Security Update for Hypertext Preprocessor (PHP) (RLSA-2023:5926)"},{"cve":"CVE-2023-0662","qid":"961062","title":"Rocky Linux Security Update for php:8.0 (RLSA-2023:5927)"},{"cve":"CVE-2023-0662","qid":"961115","title":"Rocky Linux Security Update for php:8.1 (RLSA-2024:0387)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-0662","ASSIGNER":"security@php.net","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. "}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-400 Uncontrolled Resource Consumption","cweId":"CWE-400"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"PHP Group","product":{"product_data":[{"product_name":"PHP","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"lessThan":"8.0.28","status":"affected","version":"8.0.x","versionType":"semver"},{"lessThan":"8.1.16","status":"affected","version":"8.1.x","versionType":"semver"},{"lessThan":"8.2.3","status":"affected","version":"8.2.x","versionType":"semver"}],"defaultStatus":"affected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv","refsource":"MISC","name":"https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv"},{"url":"https://security.netapp.com/advisory/ntap-20230517-0001/","refsource":"MISC","name":"https://security.netapp.com/advisory/ntap-20230517-0001/"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"advisory":"https://github.com/php/php-src/security/advisories/GHSA-54hq-v5w","discovery":"EXTERNAL"},"credits":[{"lang":"en","value":"Jakob Ackermann"}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-02-16 07:15:00","lastModifiedDate":"2023-05-17 20:15:00","problem_types":["CWE-400"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0","versionEndExcluding":"8.2.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0","versionEndExcluding":"8.1.16","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.28","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}