Ubuntu USN-5905-1
Mar 02, 2023 - 12:00 a.m.

PHP vulnerabilities

2023-03-02 00:00:00
ubuntu.com
ubuntu 16.04 esm
php7.0
gzip files
denial of service
cookies
data integrity
inputs
arbitrary code
long paths
sensitive information
http form uploads
resource consumption

CVSS3: 8.1 High

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.8 High (Confidence: Low)

EPSS: 0.006 Low (Percentile: 79.3%)

Releases

  • Ubuntu 16.04 ESM

Packages

  • php7.0 - HTML-embedded scripting language interpreter

Details

It was discovered that PHP incorrectly handled certain gzip files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-31628)

It was discovered that PHP incorrectly handled certain cookies.
An attacker could possibly use this issue to compromise data integrity.
(CVE-2022-31629)

It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2022-31631)

It was discovered that PHP incorrectly handled resolving long paths. A
remote attacker could possibly use this issue to obtain or modify sensitive
information. (CVE-2023-0568)

It was discovered that PHP incorrectly handled a large number of field and file
parts in HTTP form uploads. A remote attacker could possibly use this issue to
cause PHP to consume resources, leading to a denial of service. (CVE-2023-0662)

OS      OS Version  Architecture  Package                       Package Version                  Filename
Ubuntu  16.04       noarch        php7.0-cgi                    < 7.0.33-0ubuntu0.16.04.16+esm5  UNKNOWN
Ubuntu  16.04       noarch        libapache2-mod-php7.0         < 7.0.33-0ubuntu0.16.04.16       UNKNOWN
Ubuntu  16.04       noarch        libapache2-mod-php7.0-dbgsym  < 7.0.33-0ubuntu0.16.04.16       UNKNOWN
Ubuntu  16.04       noarch        libphp7.0-embed               < 7.0.33-0ubuntu0.16.04.16       UNKNOWN
Ubuntu  16.04       noarch        libphp7.0-embed-dbgsym        < 7.0.33-0ubuntu0.16.04.16       UNKNOWN
Ubuntu  16.04       noarch        php7.0                        < 7.0.33-0ubuntu0.16.04.16       UNKNOWN
Ubuntu  16.04       noarch        php7.0-bcmath                 < 7.0.33-0ubuntu0.16.04.16       UNKNOWN
Ubuntu  16.04       noarch        php7.0-bcmath-dbgsym          < 7.0.33-0ubuntu0.16.04.16       UNKNOWN
Ubuntu  16.04       noarch        php7.0-bz2                    < 7.0.33-0ubuntu0.16.04.16       UNKNOWN
Ubuntu  16.04       noarch        php7.0-bz2-dbgsym             < 7.0.33-0ubuntu0.16.04.16       UNKNOWN