PT-2023-2474 · Php+10

Niels Dossche · Published 2023-02-15 · Updated 2025-08-11 · CVE-2023-0568

CVSS v3.1: 8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PHP versions 8.0.0 through 8.0.27
PHP versions 8.1.0 through 8.1.15
PHP versions 8.2.0 through 8.2.2

Description

The issue is related to the core path resolution function in PHP, which allocates a buffer one byte too small. When resolving paths with lengths close to the system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with a NUL value, potentially resulting in unauthorized data access or modification.

Recommendations

For PHP versions 8.0.0 through 8.0.27, update to version 8.0.28 or later.
For PHP versions 8.1.0 through 8.1.15, update to version 8.1.16 or later.
For PHP versions 8.2.0 through 8.2.2, update to version 8.2.3 or later.
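One way to check a host against the ranges above is to classify the string reported by `php -v` or a package manager. This is an added example, not part of the advisory; the function names and sample strings are constructed. It assumes upstream version numbering, so a distribution package that carries a backported fix under an older version number must be checked against the vendor advisories listed under Related Identifiers instead.

```python
import re

# Affected ranges and first fixed releases, taken from the advisory text above.
# (major, minor) branch -> (last affected patch level, first fixed patch level)
AFFECTED = {
    (8, 0): (27, 28),
    (8, 1): (15, 16),
    (8, 2): (2, 3),
}

# First x.y.z triple that is not the tail of a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)")


def parse_php_version(text):
    """Extract (major, minor, patch) from strings such as 'PHP 8.1.15 (cli)'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def check_cve_2023_0568(text):
    """Return (status, first_fixed_version_or_None) for an upstream PHP version."""
    major, minor, patch = parse_php_version(text)
    entry = AFFECTED.get((major, minor))
    if entry is None:
        # The advisory names only 8.0, 8.1 and 8.2; make no claim about others.
        return ("not_listed", None)
    last_affected, first_fixed = entry
    fixed = f"{major}.{minor}.{first_fixed}"
    if patch <= last_affected:
        return ("affected", fixed)
    return ("fixed", fixed)


if __name__ == "__main__":
    # Constructed sample inputs: `php -v` banner, bare version, package string.
    for sample in ("PHP 8.1.15 (cli) (built: constructed)", "8.0.28", "1:8.2.2-1", "7.4.33"):
        status, fixed = check_cve_2023_0568(sample)
        print(f"{sample!r}: {status}" + (f" (first fixed release: {fixed})" if fixed else ""))
```

A `not_listed` result means the advisory does not cover that branch, not that the branch is known to be safe.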

Exploit

Fix

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

ALSA-2023:5926
ALSA-2023:5927
ALSA-2024:0387
ALSA-2024:10952
ALT-PU-2023-1246
ALT-PU-2023-1251
ALT-PU-2023-1256
ALT-PU-2023-1275
ALT-PU-2023-1284
ALT-PU-2023-1319
ALT-PU-2023-8445
AZL-13587
AZL-63073
BDU:2023-02264
BIT-LIBPHP-2023-0568
BIT-PHP-2023-0568
BIT-PHP-MIN-2023-0568
CESA-2023_5927
CESA-2024_10952
CVE-2023-0568
DLA-3345-1
DSA-5363-1
INFSA-2023_5926
INFSA-2024_10952
MGASA-2023-0065
OESA-2023-1619
OESA-2023-1620
OESA-2023-1621
OESA-2023-1622
OPENSUSE-SU-2024:12711-1
RHSA-2023:5926
RHSA-2023:5927
RHSA-2023_5926
RHSA-2023_5927
RHSA-2024:0387
RHSA-2024:10952
RHSA-2024_0387
RHSA-2024_10952
RLSA-2023:5926
RLSA-2023:5927
RLSA-2024:0387
RLSA-2024:10952
SUSE-SU-2023:0476-1
SUSE-SU-2023:0513-1
SUSE-SU-2023:0514-1
SUSE-SU-2023:0515-1
SUSE-SU-2023:0527-1
SUSE-SU-2023_0527-1
USN-5902-1
USN-5905-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
PHP
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu