CVE-2023-0568

HIGH8.1EPSS 0.44%

Array overrun in common path resolve code

發布日:2023/2/16修改日:2026/4/28

描述

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.

受影響套件(5)

Bitnami/libphp>= 8.0.0, < 8.0.28, >= 8.1.0, < 8.1.16, >= 8.2.0, < 8.2.3
Bitnami/php>= 8.0.0, < 8.0.28, >= 8.1.0, < 8.1.16, >= 8.2.0, < 8.2.3
Bitnami/php-min>= 8.0.0, < 8.0.28, >= 8.1.0, < 8.1.16, >= 8.2.0, < 8.2.3
Debian/php7.4from 0, < 7.4.33-1+deb11u3
Debian/php8.2from 0, < 8.2.4-1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2023-0568
WEBhttps://bugs.php.net/bug.php?id=81746
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2023-0568
WEBhttps://security.netapp.com/advisory/ntap-20230517-0001/