CVE-2023-0568

NameCVE-2023-0568
DescriptionIn PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. 
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3345-1, DSA-5363-1, ELA-848-1, ELA-849-1
Debian Bugs1031368

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
php5 (PTS)jessie, jessie (lts)5.6.40+dfsg-0+deb8u20fixed
php7.0 (PTS)stretch (security)7.0.33-0+deb9u12vulnerable
stretch (lts), stretch7.0.33-0+deb9u18fixed
php7.3 (PTS)buster7.3.31-1~deb10u1vulnerable
buster (security)7.3.31-1~deb10u7fixed
php7.4 (PTS)bullseye (security), bullseye7.4.33-1+deb11u5fixed
php8.2 (PTS)bookworm (security), bookworm8.2.20-1~deb12u1fixed
sid, trixie8.2.21-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php5sourcejessie5.6.40+dfsg-0+deb8u17ELA-849-1
php5source(unstable)(unfixed)
php7.0sourcestretch7.0.33-0+deb9u14ELA-848-1
php7.0source(unstable)(unfixed)
php7.3sourcebuster7.3.31-1~deb10u3DLA-3345-1
php7.3source(unstable)(unfixed)
php7.4sourcebullseye7.4.33-1+deb11u3DSA-5363-1
php7.4source(unstable)(unfixed)
php8.2source(unstable)8.2.4-11031368

Notes

PHP Bug: https://bugs.php.net/bug.php?id=81746
Fixed in: 8.2.3
https://github.com/php/php-src/commit/ec10b28d64decbc54aa1e585dce580f0bd7a5953

Search for package or bug name: Reporting problems