Linux Distros Unpatched Vulnerability : CVE-2023-26044

🗓️ 21 Aug 2025 00:00:00Reported by TenableType

Unpatched vulnerability in ReactPHP HTTP server causes CPU spike on large bodies; upgrade to 1.9.0.

Reporter	Title	Published	Views	Family All 16
Circl	CVE-2023-26044	17 May 202322:33	–	circl
CNNVD	ReactPHP HTTP 资源管理错误漏洞	17 May 202300:00	–	cnnvd
CVE	CVE-2023-26044	17 May 202317:24	–	cve
Cvelist	CVE-2023-26044 ReactPHP's HTTP server continues parsing unused multipart parts after reaching limits	17 May 202317:24	–	cvelist
Debian CVE	CVE-2023-26044	17 May 202317:24	–	debiancve
EUVD	EUVD-2023-1509	3 Oct 202520:07	–	euvd
Friends Of PHP	ReactPHP's HTTP server continues parsing unused multipart parts after reaching limits	27 Feb 202315:05	–	friendsofphp
Github Security Blog	ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits	17 May 202317:07	–	github
NVD	CVE-2023-26044	17 May 202318:15	–	nvd
OSV	CVE-2023-26044 ReactPHP's HTTP server continues parsing unused multipart parts after reaching limits	17 May 202317:24	–	osv

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2023-26044
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(253159);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/21");

  script_cve_id("CVE-2023-26044");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2023-26044");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous
    versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU
    load when processing large HTTP request bodies. This vulnerability has little to no impact on the default
    configuration, but can be exploited when explicitly using the RequestBodyBufferMiddleware with very large
    settings. This might lead to consuming large amounts of CPU time for processing requests and significantly
    delay or slow down the processing of legitimate user requests. This issue has been addressed in release
    1.9.0. Users are advised to upgrade. Users unable to upgrade may keep the request body limited using
    RequestBodyBufferMiddleware with a sensible value which should mitigate the issue. An infrastructure or
    DevOps workaround could be to place a reverse proxy in front of the ReactPHP HTTP server to filter out any
    excessive HTTP request bodies. (CVE-2023-26044)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2023-26044");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-26044");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php-react-http");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-20.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-20.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "20.04",
        "pkgs": [
          {"reference": "php-react-http"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

21 Aug 2025 00:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15.3

EPSS0.00433

SSVC