PT-2023-2473 · Php+10 · Php+10

Das7Pad

+1

·

Published

2023-02-15

·

Updated

2025-08-11

·

CVE-2023-0662

CVSS v2.0

7.6

High

VectorAV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions PHP versions 8.0.0 through 8.0.27 PHP versions 8.1.0 through 8.1.15 PHP versions 8.2.0 through 8.2.2
Description The issue is related to an excessive number of parts in HTTP form upload, which can cause high resource consumption and excessive number of log entries. This can lead to denial of service on the affected server by exhausting CPU resources or disk space. The vulnerability is associated with uncontrolled resource consumption and can be exploited by a remote attacker to cause a denial of service.
Recommendations For PHP versions 8.0.0 through 8.0.27, update to version 8.0.28 or later. For PHP versions 8.1.0 through 8.1.15, update to version 8.1.16 or later. For PHP versions 8.2.0 through 8.2.2, update to version 8.2.3 or later. As a temporary workaround, consider restricting the number of parts in HTTP form uploads to prevent excessive resource consumption.

Fix

DoS

Allocation of Resources Without Limits

Resource Exhaustion

Weakness Enumeration

CWE-770CWE-131CWE-400

Related Identifiers

ALSA-2023:5926
ALSA-2023:5927
ALSA-2024:0387
ALT-PU-2023-1246
ALT-PU-2023-1251
ALT-PU-2023-1256
ALT-PU-2023-1275
ALT-PU-2023-1284
ALT-PU-2023-1319
ALT-PU-2023-8445
AZL-13605
BDU:2023-02263
BDU:2023-02264
BIT-LIBPHP-2023-0662
BIT-PHP-2023-0662
BIT-PHP-MIN-2023-0662
CESA-2023_5927
CVE-2023-0662
DLA-3345-1
DSA-5363-1
GHSA-54HQ-V5WP-FQGV
INFSA-2023_5926
MGASA-2023-0065
OESA-2023-1619
OESA-2023-1620
OESA-2023-1621
OESA-2023-1622
RHSA-2023:5926
RHSA-2023:5927
RHSA-2023_5926
RHSA-2023_5927
RHSA-2024:0387
RHSA-2024_0387
RLSA-2023:5926
RLSA-2023:5927
RLSA-2024:0387
SUSE-SU-2023:0476-1
SUSE-SU-2023:0513-1
SUSE-SU-2023:0514-1
SUSE-SU-2023:0515-1
SUSE-SU-2023:0527-1
USN-5902-1
USN-5905-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Php
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu