CVE-2023-0568

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-0568

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0568.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-0568

Aliases

Downstream

AZL-13587

AZL-63073

BELL-CVE-2023-0568

DEBIAN-CVE-2023-0568

DLA-3345-1

DSA-5363-1

MGASA-2023-0065

OESA-2023-1619

OESA-2023-1620

OESA-2023-1621

OESA-2023-1622

RHSA-2023:5926

RHSA-2023:5927

RHSA-2024:0387

RHSA-2024:10952

RLSA-2023:5926

RLSA-2023:5927

RLSA-2024:0387

RLSA-2024:10952

SUSE-SU-2023:0476-1

SUSE-SU-2023:0513-1

SUSE-SU-2023:0514-1

SUSE-SU-2023:0515-1

SUSE-SU-2023:0527-1

UBUNTU-CVE-2023-0568

USN-5902-1

USN-5905-1

openSUSE-SU-2024:12711-1

Related

Published

2023-02-16T06:34:04.101Z

Modified

2026-05-15T04:06:10.157948352Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Array overrun in common path resolve code

Details

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.

Database specific

{
    "cwe_ids": [
        "CWE-131"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/0xxx/CVE-2023-0568.json",
    "cna_assigner": "php"
}

References

Affected packages