Lucene search

K
mageiaGentoo FoundationMGASA-2023-0248
HistoryAug 23, 2023 - 10:56 p.m.

Updated php packages fix security vulnerability

2023-08-2322:56:41
Gentoo Foundation
advisories.mageia.org
40
php
security
vulnerability
libxml
phar
buffer mismanagement
external entity loading
xml
cve-2023-3823
cve-2023-3824
unix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

49.5%

Libxml - GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) Phar - GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()) (CVE-2023-3824)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchphp< 8.0.30-1php-8.0.30-1.mga8

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

49.5%