PT-2023-2473 · Php+10 · Php+10
Das7Pad
+1
·
Publicado
2023-02-15
·
Atualizado
2025-08-11
·
CVE-2023-0662
CVSS v2.0
7.6
Alta
| Vetor | AV:N/AC:H/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
PHP versions 8.0.0 through 8.0.27
PHP versions 8.1.0 through 8.1.15
PHP versions 8.2.0 through 8.2.2
Description
The issue is related to an excessive number of parts in HTTP form upload, which can cause high resource consumption and excessive number of log entries. This can lead to denial of service on the affected server by exhausting CPU resources or disk space. The vulnerability is associated with uncontrolled resource consumption and can be exploited by a remote attacker to cause a denial of service.
Recommendations
For PHP versions 8.0.0 through 8.0.27, update to version 8.0.28 or later.
For PHP versions 8.1.0 through 8.1.15, update to version 8.1.16 or later.
For PHP versions 8.2.0 through 8.2.2, update to version 8.2.3 or later.
As a temporary workaround, consider restricting the number of parts in HTTP form uploads to prevent excessive resource consumption.
Correção
DoS
Allocation of Resources Without Limits
Resource Exhaustion
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Php
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu