BIT-php-2023-0568

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/php/BIT-php-2023-0568.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-php-2023-0568

Aliases

CVE-2023-0568

Published

2024-03-06T11:02:02.405Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.

References

https://bugs.php.net/bug.php?id=81746
https://security.netapp.com/advisory/ntap-20230517-0001/

Affected packages

Bitnami / php

Package

Name: php
Purl: pkg:bitnami/php

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

8.0.0

Fixed

8.0.28

Introduced

8.1.0

Fixed

8.1.16

Introduced

8.2.0

Fixed

8.2.3