CVE-2023-0567

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-0567
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0567.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-0567
Aliases
Downstream
Related
Published
2023-03-01T08:15:11.530Z
Modified
2026-02-05T02:13:52.072768Z
Severity
  • 6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. 

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
5dc92c2117cafc61daaaaa240fd46c3ac33872a4
Fixed
12b5ba0b1d87d2dfdb4ee213cb5d122c921f3f2f
Introduced
381ba9f5d0edd0c9c8ec1dea7e21d513ad08b115
Fixed
aa5f9f05194e534b9644ebdcfd073c1493d17d56
Introduced
70ee6c20ad97e02c2b8098aeea96fefbbc3ac5c2
Fixed
cde956a2b0592f5fd9591e423abc22f07be9d4b6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0567.json"