7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8.4 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
24.2%
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before
8.2.8 various XML functions rely on libxml global state to track
configuration variables, like whether external entities are loaded. This
state is assumed to be unchanged unless the user explicitly changes it by
calling appropriate function. However, since the state is process-global,
other modules - such as ImageMagick - may also use this library within the
same process, and change that global state for their internal purposes, and
leave it in a state where external entities loading is enabled. This can
lead to the situation where external XML is parsed with external entities
loaded, which can lead to disclosure of any local files accessible to PHP.
This vulnerable state may persist in the same process across many requests,
until the process is shut down.
Author | Note |
---|---|
sbeattie | PEAR issues should go against php-pear as of xenial |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | php5 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | php7.0 | < 7.0.33-0ubuntu0.16.04.16+esm8) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
ubuntu | 18.04 | noarch | php7.2 | < 7.2.24-0ubuntu0.18.04.17+esm2) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
ubuntu | 20.04 | noarch | php7.4 | < 7.4.3-4ubuntu2.20 | UNKNOWN |
ubuntu | 22.04 | noarch | php8.1 | < 8.1.2-1ubuntu2.14 | UNKNOWN |
ubuntu | 23.04 | noarch | php8.1 | < 8.1.12-1ubuntu4.3 | UNKNOWN |
github.com/php/php-src/commit/c283c3ab0ba45d21b2b8745c1f9c7cbfe771c975 (php-8.0.30)
github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr
launchpad.net/bugs/cve/CVE-2023-3823
nvd.nist.gov/vuln/detail/CVE-2023-3823
security-tracker.debian.org/tracker/CVE-2023-3823
ubuntu.com/security/notices/USN-6305-1
ubuntu.com/security/notices/USN-6305-2
www.cve.org/CVERecord?id=CVE-2023-3823
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8.4 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
24.2%