Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-0568
HistoryFeb 16, 2023 - 12:00 a.m.

CVE-2023-0568

2023-02-1600:00:00
ubuntu.com
ubuntu.com
36

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

55.2%

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3,
core path resolution function allocate buffer one byte too small. When
resolving paths with lengths close to system MAXPATHLEN setting, this may
lead to the byte after the allocated buffer being overwritten with NUL
value, which might lead to unauthorized data access or modification.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchphp5< anyUNKNOWN
ubuntu16.04noarchphp7.0< 7.0.33-0ubuntu0.16.04.16+esm5UNKNOWN
ubuntu18.04noarchphp7.2< 7.2.24-0ubuntu0.18.04.17UNKNOWN
ubuntu20.04noarchphp7.4< 7.4.3-4ubuntu2.18UNKNOWN
ubuntu22.04noarchphp8.1< 8.1.2-1ubuntu2.11UNKNOWN
ubuntu22.10noarchphp8.1< 8.1.7-1ubuntu3.3UNKNOWN
ubuntu23.04noarchphp8.1< 8.1.12-1ubuntu4UNKNOWN

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

55.2%