Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-0662

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.

Published

2023-02-16T07:15:10.577

Last Modified

2025-02-13T17:15:56.090

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-400
Type: Primary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	php	php	< 8.0.28	Yes
Application	php	php	< 8.1.16	Yes
Application	php	php	< 8.2.3	Yes

References

https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20230517-0001/ ([email protected])
https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230517-0001/ (af854a3a-2127-422b-91ae-364da2661108)