PT-2023-5956 · Php+11

Bkatapi +2 · Published 2023-08-03 · Updated 2025-08-11 · CVE-2023-3823

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:N/C:C/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP versions 8.0.* through 8.0.29
PHP versions 8.1.* through 8.1.21
PHP versions 8.2.* through 8.2.7

Description

The issue is related to the way PHP's XML functions rely on libxml global state to track configuration variables. This state can be changed by other modules, such as ImageMagick, within the same process, potentially leading to the disclosure of local files accessible to PHP. The vulnerable state may persist across many requests until the process is shut down.

Recommendations

For PHP versions 8.0.* through 8.0.29, update to version 8.0.30 or later.
For PHP versions 8.1.* through 8.1.21, update to version 8.1.22 or later.
For PHP versions 8.2.* through 8.2.7, update to version 8.2.8 or later.

Exploit

Fix

DoS

XXE

Weakness Enumeration

Related Identifiers

ALSA-2023:5926
ALSA-2023:5927
ALSA-2024:0387
ALSA-2024:10952
ALT-PU-2023-5708
ALT-PU-2023-5713
ALT-PU-2023-5714
ALT-PU-2023-5911
ALT-PU-2023-7019
ALT-PU-2023-7021
AZL-27962
AZL-63085
BDU:2023-06656
BIT-LIBPHP-2023-3823
BIT-PHP-2023-3823
BIT-PHP-MIN-2023-3823
CESA-2023_5927
CESA-2024_10952
CVE-2023-3823
DLA-3555-1
DSA-5660-1
DSA-5661-1
GHSA-3QRF-M4J2-PCRR
INFSA-2023_5926
INFSA-2024_10952
MGASA-2023-0248
OESA-2023-1619
OESA-2023-1620
OESA-2023-1621
OESA-2023-1622
OESA-2023-1623
OPENSUSE-SU-2023_3498-1
OPENSUSE-SU-2023_3528-1
OPENSUSE-SU-2023_3541-1
RHSA-2023:5926
RHSA-2023:5927
RHSA-2023_5926
RHSA-2023_5927
RHSA-2024:0387
RHSA-2024:10952
RHSA-2024_0387
RHSA-2024_10952
RLSA-2023:5926
RLSA-2023:5927
RLSA-2024:0387
RLSA-2024:10952
SUSE-SU-2023:3445-1
SUSE-SU-2023:3498-1
SUSE-SU-2023:3528-1
SUSE-SU-2023:3541-1
USN-6305-1
USN-6305-2
USN-6305-3

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Imagemagick
Linuxmint
Php
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu