Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-3824 (GCVE-0-2023-3824)
Vulnerability from cvelistv5 – Published: 2023-08-11 05:48 – Updated: 2025-02-13 17:01
VLAI
EPSS
Title
Buffer overflow and overread in phar_dir_read()
Summary
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
Severity
9.4 (Critical)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
Credits
Niels Dossche
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230825-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "8.0.30",
"status": "affected",
"version": "8.0.*",
"versionType": "semver"
},
{
"lessThan": "8.1.22",
"status": "affected",
"version": "8.1.*",
"versionType": "semver"
},
{
"lessThan": "8.2.8",
"status": "affected",
"version": "8.2.*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Niels Dossche"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn PHP version 8.0.* before 8.0.30,\u0026nbsp; 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.\u0026nbsp;\u003c/p\u003e"
}
],
"value": "In PHP version 8.0.* before 8.0.30,\u00a0 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T22:06:20.112Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"url": "https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230825-0001/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html"
}
],
"source": {
"advisory": "https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccg",
"discovery": "INTERNAL"
},
"title": "Buffer overflow and overread in phar_dir_read()",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2023-3824",
"datePublished": "2023-08-11T05:48:34.082Z",
"dateReserved": "2023-07-21T16:57:23.334Z",
"dateUpdated": "2025-02-13T17:01:48.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-3824",
"date": "2026-05-29",
"epss": "0.29385",
"percentile": "0.96686"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-3824\",\"sourceIdentifier\":\"security@php.net\",\"published\":\"2023-08-11T06:15:10.560\",\"lastModified\":\"2025-02-13T17:16:59.457\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In PHP version 8.0.* before 8.0.30,\u00a0 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.\"},{\"lang\":\"es\",\"value\":\"En PHP versi\u00f3n 8.0.* antes de 8.0.30, 8.1.* antes de 8.1.22, y 8.2.* antes de 8.2.8, al cargar el archivo phar, mientras se leen las entradas del directorio PHAR, una comprobaci\u00f3n de longitud insuficiente puede conducir a un desbordamiento del b\u00fafer de pila, llevando potencialmente a corrupci\u00f3n de memoria o RCE.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@php.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L\",\"baseScore\":9.4,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":5.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@php.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.0.30\",\"matchCriteriaId\":\"C516377E-EAA8-4534-B0B8-4BF7A664DDFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.1.22\",\"matchCriteriaId\":\"3DA6AD3E-CB35-4AF2-86E9-3BC831728058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndExcluding\":\"8.2.9\",\"matchCriteriaId\":\"75AD1BDB-02D7-4727-8F08-8E1F794DB842\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv\",\"source\":\"security@php.net\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html\",\"source\":\"security@php.net\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/\",\"source\":\"security@php.net\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230825-0001/\",\"source\":\"security@php.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230825-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
alsa-2023:5926
Vulnerability from osv_almalinux
Published
2023-10-19 00:00
Modified
2023-10-20 08:08
Summary
Important: php security update
Details
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
- php: XML loading external entity without being enabled (CVE-2023-3823)
- php: phar Buffer mismanagement (CVE-2023-3824)
- php: 1-byte array overrun in common path resolve code (CVE-2023-0568)
- php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)
- php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)
- php: Password_verify() always return true with some hash (CVE-2023-0567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-bcmath"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-dba"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-dbg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-enchant"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-ffi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-fpm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-gd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-gmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-intl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-ldap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-mbstring"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-mysqlnd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-odbc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-opcache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-pdo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-pgsql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-process"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-snmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-soap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-xml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* php: XML loading external entity without being enabled (CVE-2023-3823)\n* php: phar Buffer mismanagement (CVE-2023-3824)\n* php: 1-byte array overrun in common path resolve code (CVE-2023-0568)\n* php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)\n* php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)\n* php: Password_verify() always return true with some hash (CVE-2023-0567)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:5926",
"modified": "2023-10-20T08:08:04Z",
"published": "2023-10-19T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:5926"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0567"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0568"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0662"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3247"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3823"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3824"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170761"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170770"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170771"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2219290"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2229396"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2230101"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-5926.html"
}
],
"related": [
"CVE-2023-3823",
"CVE-2023-3824",
"CVE-2023-0568",
"CVE-2023-0662",
"CVE-2023-3247",
"CVE-2023-0567"
],
"summary": "Important: php security update"
}
alsa-2023:5927
Vulnerability from osv_almalinux
Published
2023-10-19 00:00
Modified
2023-10-20 08:26
Summary
Important: php:8.0 security update
Details
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
- php: XML loading external entity without being enabled (CVE-2023-3823)
- php: phar Buffer mismanagement (CVE-2023-3824)
- php: 1-byte array overrun in common path resolve code (CVE-2023-0568)
- php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)
- php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)
- php: Password_verify() always return true with some hash (CVE-2023-0567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "apcu-panel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.20-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.3-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.3-1.module_el8.6.0+3061+6878dd1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.3-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.3-1.module_el8.6.0+3061+6878dd1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.3-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.3-1.module_el8.6.0+3061+6878dd1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-bcmath"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-dba"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-dbg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-enchant"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-ffi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-fpm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-gd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-gmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-intl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-ldap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-mbstring"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-mysqlnd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-odbc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-opcache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pdo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pear"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.10.13-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.20-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.20-1.module_el8.6.0+3061+6878dd1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.20-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.20-1.module_el8.6.0+3061+6878dd1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-rrd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.3-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-rrd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.3-1.module_el8.6.0+3061+6878dd1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-xdebug3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.2-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-xdebug3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.2-1.module_el8.6.0+3061+6878dd1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.2-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.2-1.module_el8.6.0+3061+6878dd1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pgsql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-process"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-snmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-soap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-xml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* php: XML loading external entity without being enabled (CVE-2023-3823)\n* php: phar Buffer mismanagement (CVE-2023-3824)\n* php: 1-byte array overrun in common path resolve code (CVE-2023-0568)\n* php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)\n* php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)\n* php: Password_verify() always return true with some hash (CVE-2023-0567)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:5927",
"modified": "2023-10-20T08:26:26Z",
"published": "2023-10-19T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:5927"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0567"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0568"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0662"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3247"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3823"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3824"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170761"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170770"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170771"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2219290"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2229396"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2230101"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-5927.html"
}
],
"related": [
"CVE-2023-3823",
"CVE-2023-3824",
"CVE-2023-0568",
"CVE-2023-0662",
"CVE-2023-3247",
"CVE-2023-0567"
],
"summary": "Important: php:8.0 security update"
}
alsa-2024:0387
Vulnerability from osv_almalinux
Published
2024-01-24 00:00
Modified
2024-01-25 22:02
Summary
Moderate: php:8.1 security update
Details
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
- php: 1-byte array overrun in common path resolve code (CVE-2023-0568)
- php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)
- php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)
- php: XML loading external entity without being enabled (CVE-2023-3823)
- php: phar Buffer mismanagement (CVE-2023-3824)
- php: Password_verify() always return true with some hash (CVE-2023-0567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "apcu-panel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.21-1.module_el9.1.0+15+94ba28e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-bcmath"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-dba"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-dbg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-enchant"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-ffi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-fpm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-gd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-gmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-intl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-ldap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-mbstring"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-mysqlnd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-odbc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-opcache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-pdo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-pecl-apcu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.21-1.module_el9.1.0+15+94ba28e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-pecl-apcu-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.21-1.module_el9.1.0+15+94ba28e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-pecl-rrd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.3-4.module_el9.1.0+15+94ba28e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-pecl-xdebug3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.4-1.module_el9.1.0+15+94ba28e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-pecl-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.1-1.module_el9.1.0+15+94ba28e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-pgsql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-process"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-snmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-soap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-xml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* php: 1-byte array overrun in common path resolve code (CVE-2023-0568)\n* php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)\n* php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)\n* php: XML loading external entity without being enabled (CVE-2023-3823)\n* php: phar Buffer mismanagement (CVE-2023-3824)\n* php: Password_verify() always return true with some hash (CVE-2023-0567)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:0387",
"modified": "2024-01-25T22:02:03Z",
"published": "2024-01-24T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:0387"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0567"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0568"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0662"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3247"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3823"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3824"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170761"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170770"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170771"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2219290"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2229396"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2230101"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-0387.html"
}
],
"related": [
"CVE-2023-0568",
"CVE-2023-0662",
"CVE-2023-3247",
"CVE-2023-3823",
"CVE-2023-3824",
"CVE-2023-0567"
],
"summary": "Moderate: php:8.1 security update"
}
alsa-2024:10952
Vulnerability from osv_almalinux
Published
2024-12-11 00:00
Modified
2024-12-16 14:52
Summary
Moderate: php:7.4 security update
Details
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
- php: 1-byte array overrun in common path resolve code (CVE-2023-0568)
- php: Password_verify() always return true with some hash (CVE-2023-0567)
- php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)
- php: XML loading external entity without being enabled (CVE-2023-3823)
- php: phar Buffer mismanagement (CVE-2023-3824)
- php: host/secure cookie bypass due to partial CVE-2022-31629 fix (CVE-2024-2756)
- php: password_verify can erroneously return true, opening ATO risk (CVE-2024-3096)
- php: Filter bypass in filter_var (FILTER_VALIDATE_URL) (CVE-2024-5458)
- php: Erroneous parsing of multipart form data (CVE-2024-8925)
- php: cgi.force_redirect configuration is bypassable due to the environment variable collision (CVE-2024-8927)
- php: PHP-FPM Log Manipulation Vulnerability (CVE-2024-9026)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "apcu-panel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.18-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.6.0+3239+bedf0508"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.6.0+3239+bedf0508"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.6.0+3239+bedf0508"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-bcmath"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-dba"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-dbg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-enchant"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-ffi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-fpm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-gd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-gmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-intl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-json"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-ldap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-mbstring"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-mysqlnd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-odbc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-opcache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pdo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pear"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.10.13-1.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.18-1.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.18-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.18-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.18-1.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-rrd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.1-1.module_el8.6.0+3059+d65eee13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-rrd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.1-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-rrd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.1-1.module_el8.4.0+2229+b272fdef"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-rrd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.1-1.module_el8.3.0+2009+b272fdef"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-xdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.9.5-1.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-xdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.9.5-1.module_el8.6.0+3239+bedf0508"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-xdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.9.5-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.2-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.2-1.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.2-1.module_el8.6.0+3239+bedf0508"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pgsql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-process"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-snmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-soap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-xml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-xmlrpc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. \n\nSecurity Fix(es): \n\n * php: 1-byte array overrun in common path resolve code (CVE-2023-0568)\n * php: Password_verify() always return true with some hash (CVE-2023-0567)\n * php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)\n * php: XML loading external entity without being enabled (CVE-2023-3823)\n * php: phar Buffer mismanagement (CVE-2023-3824)\n * php: host/secure cookie bypass due to partial CVE-2022-31629 fix (CVE-2024-2756)\n * php: password_verify can erroneously return true, opening ATO risk (CVE-2024-3096)\n * php: Filter bypass in filter_var (FILTER_VALIDATE_URL) (CVE-2024-5458)\n * php: Erroneous parsing of multipart form data (CVE-2024-8925)\n * php: cgi.force_redirect configuration is bypassable due to the environment variable collision (CVE-2024-8927)\n * php: PHP-FPM Log Manipulation Vulnerability (CVE-2024-9026)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2024:10952",
"modified": "2024-12-16T14:52:18Z",
"published": "2024-12-11T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:10952"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0567"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0568"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3247"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3823"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3824"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-2756"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-3096"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5458"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-8925"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-8927"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-9026"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170770"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170771"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2219290"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2229396"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2230101"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2275058"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2275061"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291252"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2317049"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2317051"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2317144"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-10952.html"
}
],
"related": [
"CVE-2023-0568",
"CVE-2023-0567",
"CVE-2023-3247",
"CVE-2023-3823",
"CVE-2023-3824",
"CVE-2022-31629",
"CVE-2024-2756",
"CVE-2024-3096",
"CVE-2024-5458",
"CVE-2024-8925",
"CVE-2024-8927",
"CVE-2024-9026"
],
"summary": "Moderate: php:7.4 security update"
}
Title
Уязвимость функции phar_dir_read() интерпретатора PHP, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость функции phar_dir_read() интерпретатора PHP вызвана переполнением буфера на стеке. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код
Severity
Vendor
Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», АО «ИВК», Fedora Project, PHP Group, АО "НППКТ"
Software Name
Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Альт 8 СП (запись в едином реестре российских программ №4305), Fedora, PHP, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
10 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), - (Альт 8 СП), 4.7 (Astra Linux Special Edition), 38 (Fedora), от 8.0.0 до 8.0.30 (PHP), от 8.1.0 до 8.1.22 (PHP), от 8.2.0 до 8.2.8 (PHP), до 2.9 (ОСОН ОСнова Оnyx)
Possible Mitigations
Использование рекомендаций:
https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv
Для Debian GNU/Linux:
https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/
Для ОС Astra Linux Special Edition 1.7:
обновить пакет php7.3 до 7.3.31-1~deb10u5+ci202309121223+astra4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17
Для ОС Альт 8 СП (релиз 10): установка обновления из публичного репозитория программного средства
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения php7.3 до версии 7.3.31-1~deb10u5osnova11
Для Astra Linux Special Edition 4.7:
обновить пакет php7.3 до 7.3.31-1~deb10u5+ci202309121223+astra4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Reference
https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv
https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/
https://security.netapp.com/advisory/ntap-20230825-0001/
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17
https://altsp.su/obnovleniya-bezopasnosti/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.9/
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
CWE
CWE-119, CWE-120
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Fedora Project, PHP Group, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 4.7 (Astra Linux Special Edition), 38 (Fedora), \u043e\u0442 8.0.0 \u0434\u043e 8.0.30 (PHP), \u043e\u0442 8.1.0 \u0434\u043e 8.1.22 (PHP), \u043e\u0442 8.2.0 \u0434\u043e 8.2.8 (PHP), \u0434\u043e 2.9 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://lists.debian.org/debian-lts-announce/2023/09/msg00002.html\n\n\u0414\u043b\u044f Fedora: \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 php7.3 \u0434\u043e 7.3.31-1~deb10u5+ci202309121223+astra4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f php7.3 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 7.3.31-1~deb10u5osnova11\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 php7.3 \u0434\u043e 7.3.31-1~deb10u5+ci202309121223+astra4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.08.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.08.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.10.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-06657",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-3824",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Fedora, PHP, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Fedora Project Fedora 38 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.9 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 phar_dir_read() \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 PHP, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119), \u041a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (\u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430) (CWE-120)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 phar_dir_read() \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 PHP \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u043d\u0430 \u0441\u0442\u0435\u043a\u0435. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv\t \nhttps://lists.debian.org/debian-lts-announce/2023/09/msg00002.html\t\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/\t \nhttps://security.netapp.com/advisory/ntap-20230825-0001/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.9/\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119, CWE-120",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
bit-libphp-2023-3824
Vulnerability from bitnami_vulndb
Published
2025-08-11 13:53
Modified
2025-08-11 14:19
Summary
Buffer overflow and overread in phar_dir_read()
Details
In PHP version 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "libphp",
"purl": "pkg:bitnami/libphp"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.30"
},
{
"introduced": "8.1.0"
},
{
"fixed": "8.1.22"
},
{
"introduced": "8.2.0"
},
{
"fixed": "8.2.9"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2023-3824"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"
],
"severity": "Critical"
},
"details": "In PHP version 8.0.* before 8.0.30,\u00a0 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.",
"id": "BIT-libphp-2023-3824",
"modified": "2025-08-11T14:19:40.295Z",
"published": "2025-08-11T13:53:59.498Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3824"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230825-0001/"
}
],
"schema_version": "1.6.2",
"summary": "Buffer overflow and overread in phar_dir_read()"
}
bit-php-2023-3824
Vulnerability from bitnami_vulndb
Published
2024-03-06 11:01
Modified
2025-05-20 10:02
Summary
Buffer overflow and overread in phar_dir_read()
Details
In PHP version 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "php",
"purl": "pkg:bitnami/php"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.30"
},
{
"introduced": "8.1.0"
},
{
"fixed": "8.1.22"
},
{
"introduced": "8.2.0"
},
{
"fixed": "8.2.9"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2023-3824"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"
],
"severity": "Critical"
},
"details": "In PHP version 8.0.* before 8.0.30,\u00a0 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.",
"id": "BIT-php-2023-3824",
"modified": "2025-05-20T10:02:07.006Z",
"published": "2024-03-06T11:01:21.777Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230825-0001/"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3824"
}
],
"schema_version": "1.5.0",
"summary": "Buffer overflow and overread in phar_dir_read()"
}
CERTFR-2023-AVI-0621
Vulnerability from certfr_avis - Published: 2023-08-04 - Updated: 2023-08-04
De multiples vulnérabilités ont été découvertes dans PHP. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PHP versions 8.1.x ant\u00e9rieures \u00e0 8.1.22",
"product": {
"name": "PHP",
"vendor": {
"name": "PHP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-3823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3823"
},
{
"name": "CVE-2023-3824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3824"
}
],
"initial_release_date": "2023-08-04T00:00:00",
"last_revision_date": "2023-08-04T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0621",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans PHP. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PHP 8.1.22 du 03 ao\u00fbt 2023",
"url": "https://www.php.net/ChangeLog-8.php#8.1.22"
}
]
}
CERTFR-2023-AVI-0628
Vulnerability from certfr_avis - Published: 2023-08-07 - Updated: 2023-08-07
De multiples vulnérabilités ont été découvertes dans PHP. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PHP versions 8.0.x ant\u00e9rieures \u00e0 8.0.30",
"product": {
"name": "PHP",
"vendor": {
"name": "PHP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-3823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3823"
},
{
"name": "CVE-2023-3824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3824"
}
],
"initial_release_date": "2023-08-07T00:00:00",
"last_revision_date": "2023-08-07T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0628",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans PHP. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PHP 8.0.30 du 04 ao\u00fbt 2023",
"url": "https://www.php.net/ChangeLog-8.php#8.0.30"
}
]
}
CERTFR-2023-AVI-0669
Vulnerability from certfr_avis - Published: 2023-08-21 - Updated: 2023-08-21
De multiples vulnérabilités ont été découvertes dans PHP. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PHP versions 8.2.x ant\u00e9rieures \u00e0 8.2.9",
"product": {
"name": "PHP",
"vendor": {
"name": "PHP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-3823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3823"
},
{
"name": "CVE-2023-3824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3824"
}
],
"initial_release_date": "2023-08-21T00:00:00",
"last_revision_date": "2023-08-21T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0669",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans PHP. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PHP 8.2.9 du 16 ao\u00fbt 2023",
"url": "https://www.php.net/ChangeLog-8.php#8.2.9"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…