Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-0568

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.

Published

2023-02-16T07:15:10.327

Last Modified

2025-02-13T17:15:55.913

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-131
Type: Primary
CWE-770

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	php	php	< 8.0.28	Yes
Application	php	php	< 8.1.16	Yes
Application	php	php	< 8.2.3	Yes

References

https://bugs.php.net/bug.php?id=81746 Exploit, Issue Tracking, Patch, Vendor Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20230517-0001/ ([email protected])
https://bugs.php.net/bug.php?id=81746 Exploit, Issue Tracking, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230517-0001/ (af854a3a-2127-422b-91ae-364da2661108)