Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-3247 (GCVE-0-2023-3247)
Vulnerability from cvelistv5 – Published: 2023-07-22 04:17 – Updated: 2024-10-15 20:34
VLAI?
EPSS
Title
Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
Summary
In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.
Severity ?
Assigner
References
Impacted products
Credits
Niels Dossche
Tim Düsterhus
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T19:41:48.525120Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T20:34:03.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "8.0.29",
"status": "affected",
"version": "8.0.*",
"versionType": "semver"
},
{
"lessThan": "8.1.20",
"status": "affected",
"version": "8.1.*",
"versionType": "semver"
},
{
"lessThan": "8.2.7",
"status": "affected",
"version": "8.2.*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Niels Dossche"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tim D\u00fcsterhus"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client\u0027s nonce.\u0026nbsp;\u003c/p\u003e"
}
],
"value": "In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client\u0027s nonce.\u00a0\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252 Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-22T04:17:09.896Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw"
}
],
"source": {
"advisory": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c69",
"discovery": "INTERNAL"
},
"title": "Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2023-3247",
"datePublished": "2023-07-22T04:17:09.896Z",
"dateReserved": "2023-06-14T16:24:08.631Z",
"dateUpdated": "2024-10-15T20:34:03.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T06:48:08.521Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-3247\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-15T19:41:48.525120Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-15T20:33:59.097Z\"}}], \"cna\": {\"title\": \"Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP\", \"source\": {\"advisory\": \"https://github.com/php/php-src/security/advisories/GHSA-76gg-c69\", \"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Niels Dossche\"}, {\"lang\": \"en\", \"type\": \"reporter\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Tim D\\u00fcsterhus\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 2.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"PHP Group\", \"product\": \"PHP\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.*\", \"lessThan\": \"8.0.29\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.1.*\", \"lessThan\": \"8.1.20\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.2.*\", \"lessThan\": \"8.2.7\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client\u0027s nonce.\\u00a0\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIn PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client\u0027s nonce.\u0026nbsp;\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-252\", \"description\": \"CWE-252 Unchecked Return Value\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-330\", \"description\": \"CWE-330 Use of Insufficiently Random Values\"}]}], \"providerMetadata\": {\"orgId\": \"dd77f84a-d19a-4638-8c3d-a322d820ed2b\", \"shortName\": \"php\", \"dateUpdated\": \"2023-07-22T04:17:09.896Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-3247\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-15T20:34:03.327Z\", \"dateReserved\": \"2023-06-14T16:24:08.631Z\", \"assignerOrgId\": \"dd77f84a-d19a-4638-8c3d-a322d820ed2b\", \"datePublished\": \"2023-07-22T04:17:09.896Z\", \"assignerShortName\": \"php\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
cve-2023-3247
Vulnerability from osv_almalinux
Published
2024-01-24 00:00
Modified
2024-01-25 22:02
Summary
Moderate: php:8.1 security update
Details
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
- php: 1-byte array overrun in common path resolve code (CVE-2023-0568)
- php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)
- php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)
- php: XML loading external entity without being enabled (CVE-2023-3823)
- php: phar Buffer mismanagement (CVE-2023-3824)
- php: Password_verify() always return true with some hash (CVE-2023-0567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "apcu-panel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.21-1.module_el9.1.0+15+94ba28e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-bcmath"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-dba"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-dbg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-enchant"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-ffi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-fpm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-gd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-gmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-intl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-ldap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-mbstring"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-mysqlnd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-odbc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-opcache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-pdo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-pecl-apcu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.21-1.module_el9.1.0+15+94ba28e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-pecl-apcu-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.21-1.module_el9.1.0+15+94ba28e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-pecl-rrd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.3-4.module_el9.1.0+15+94ba28e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-pecl-xdebug3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.4-1.module_el9.1.0+15+94ba28e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-pecl-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.1-1.module_el9.1.0+15+94ba28e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-pgsql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-process"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-snmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-soap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-xml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.27-1.module_el9.3.0+53+44872dd1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* php: 1-byte array overrun in common path resolve code (CVE-2023-0568)\n* php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)\n* php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)\n* php: XML loading external entity without being enabled (CVE-2023-3823)\n* php: phar Buffer mismanagement (CVE-2023-3824)\n* php: Password_verify() always return true with some hash (CVE-2023-0567)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:0387",
"modified": "2024-01-25T22:02:03Z",
"published": "2024-01-24T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:0387"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0567"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0568"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0662"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3247"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3823"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3824"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170761"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170770"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170771"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2219290"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2229396"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2230101"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-0387.html"
}
],
"related": [
"CVE-2023-0568",
"CVE-2023-0662",
"CVE-2023-3247",
"CVE-2023-3823",
"CVE-2023-3824",
"CVE-2023-0567"
],
"summary": "Moderate: php:8.1 security update"
}
cve-2023-3247
Vulnerability from osv_almalinux
Published
2023-10-19 00:00
Modified
2023-10-20 08:08
Summary
Important: php security update
Details
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
- php: XML loading external entity without being enabled (CVE-2023-3823)
- php: phar Buffer mismanagement (CVE-2023-3824)
- php: 1-byte array overrun in common path resolve code (CVE-2023-0568)
- php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)
- php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)
- php: Password_verify() always return true with some hash (CVE-2023-0567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-bcmath"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-dba"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-dbg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-enchant"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-ffi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-fpm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-gd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-gmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-intl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-ldap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-mbstring"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-mysqlnd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-odbc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-opcache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-pdo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-pgsql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-process"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-snmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-soap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "php-xml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* php: XML loading external entity without being enabled (CVE-2023-3823)\n* php: phar Buffer mismanagement (CVE-2023-3824)\n* php: 1-byte array overrun in common path resolve code (CVE-2023-0568)\n* php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)\n* php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)\n* php: Password_verify() always return true with some hash (CVE-2023-0567)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:5926",
"modified": "2023-10-20T08:08:04Z",
"published": "2023-10-19T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:5926"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0567"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0568"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0662"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3247"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3823"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3824"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170761"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170770"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170771"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2219290"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2229396"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2230101"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-5926.html"
}
],
"related": [
"CVE-2023-3823",
"CVE-2023-3824",
"CVE-2023-0568",
"CVE-2023-0662",
"CVE-2023-3247",
"CVE-2023-0567"
],
"summary": "Important: php security update"
}
cve-2023-3247
Vulnerability from osv_almalinux
Published
2023-10-19 00:00
Modified
2023-10-20 08:26
Summary
Important: php:8.0 security update
Details
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
- php: XML loading external entity without being enabled (CVE-2023-3823)
- php: phar Buffer mismanagement (CVE-2023-3824)
- php: 1-byte array overrun in common path resolve code (CVE-2023-0568)
- php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)
- php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)
- php: Password_verify() always return true with some hash (CVE-2023-0567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "apcu-panel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.20-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.3-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.3-1.module_el8.6.0+3061+6878dd1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.3-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.3-1.module_el8.6.0+3061+6878dd1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.3-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.3-1.module_el8.6.0+3061+6878dd1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-bcmath"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-dba"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-dbg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-enchant"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-ffi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-fpm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-gd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-gmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-intl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-ldap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-mbstring"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-mysqlnd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-odbc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-opcache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pdo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pear"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.10.13-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.20-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.20-1.module_el8.6.0+3061+6878dd1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.20-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.20-1.module_el8.6.0+3061+6878dd1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-rrd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.3-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-rrd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.3-1.module_el8.6.0+3061+6878dd1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-xdebug3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.2-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-xdebug3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.2-1.module_el8.6.0+3061+6878dd1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.2-1.module_el8.6.0+2739+efabdb8f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.2-1.module_el8.6.0+3061+6878dd1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pgsql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-process"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-snmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-soap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-xml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.30-1.module_el8.8.0+3655+3335cff6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* php: XML loading external entity without being enabled (CVE-2023-3823)\n* php: phar Buffer mismanagement (CVE-2023-3824)\n* php: 1-byte array overrun in common path resolve code (CVE-2023-0568)\n* php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)\n* php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)\n* php: Password_verify() always return true with some hash (CVE-2023-0567)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:5927",
"modified": "2023-10-20T08:26:26Z",
"published": "2023-10-19T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:5927"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0567"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0568"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0662"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3247"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3823"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3824"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170761"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170770"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170771"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2219290"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2229396"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2230101"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-5927.html"
}
],
"related": [
"CVE-2023-3823",
"CVE-2023-3824",
"CVE-2023-0568",
"CVE-2023-0662",
"CVE-2023-3247",
"CVE-2023-0567"
],
"summary": "Important: php:8.0 security update"
}
cve-2023-3247
Vulnerability from osv_almalinux
Published
2024-12-11 00:00
Modified
2024-12-16 14:52
Summary
Moderate: php:7.4 security update
Details
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
- php: 1-byte array overrun in common path resolve code (CVE-2023-0568)
- php: Password_verify() always return true with some hash (CVE-2023-0567)
- php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)
- php: XML loading external entity without being enabled (CVE-2023-3823)
- php: phar Buffer mismanagement (CVE-2023-3824)
- php: host/secure cookie bypass due to partial CVE-2022-31629 fix (CVE-2024-2756)
- php: password_verify can erroneously return true, opening ATO risk (CVE-2024-3096)
- php: Filter bypass in filter_var (FILTER_VALIDATE_URL) (CVE-2024-5458)
- php: Erroneous parsing of multipart form data (CVE-2024-8925)
- php: cgi.force_redirect configuration is bypassable due to the environment variable collision (CVE-2024-8927)
- php: PHP-FPM Log Manipulation Vulnerability (CVE-2024-9026)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "apcu-panel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.18-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.6.0+3239+bedf0508"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.6.0+3239+bedf0508"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.6.0+3239+bedf0508"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-bcmath"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-dba"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-dbg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-enchant"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-ffi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-fpm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-gd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-gmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-intl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-json"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-ldap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-mbstring"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-mysqlnd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-odbc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-opcache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pdo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pear"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.10.13-1.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.18-1.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.18-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.18-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.18-1.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-rrd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.1-1.module_el8.6.0+3059+d65eee13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-rrd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.1-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-rrd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.1-1.module_el8.4.0+2229+b272fdef"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-rrd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.1-1.module_el8.3.0+2009+b272fdef"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-xdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.9.5-1.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-xdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.9.5-1.module_el8.6.0+3239+bedf0508"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-xdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.9.5-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.2-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.2-1.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.2-1.module_el8.6.0+3239+bedf0508"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pgsql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-process"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-snmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-soap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-xml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-xmlrpc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.33-2.module_el8.10.0+3935+28808425"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. \n\nSecurity Fix(es): \n\n * php: 1-byte array overrun in common path resolve code (CVE-2023-0568)\n * php: Password_verify() always return true with some hash (CVE-2023-0567)\n * php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)\n * php: XML loading external entity without being enabled (CVE-2023-3823)\n * php: phar Buffer mismanagement (CVE-2023-3824)\n * php: host/secure cookie bypass due to partial CVE-2022-31629 fix (CVE-2024-2756)\n * php: password_verify can erroneously return true, opening ATO risk (CVE-2024-3096)\n * php: Filter bypass in filter_var (FILTER_VALIDATE_URL) (CVE-2024-5458)\n * php: Erroneous parsing of multipart form data (CVE-2024-8925)\n * php: cgi.force_redirect configuration is bypassable due to the environment variable collision (CVE-2024-8927)\n * php: PHP-FPM Log Manipulation Vulnerability (CVE-2024-9026)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2024:10952",
"modified": "2024-12-16T14:52:18Z",
"published": "2024-12-11T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:10952"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0567"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0568"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3247"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3823"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-3824"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-2756"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-3096"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5458"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-8925"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-8927"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-9026"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170770"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170771"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2219290"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2229396"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2230101"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2275058"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2275061"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2291252"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2317049"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2317051"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2317144"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-10952.html"
}
],
"related": [
"CVE-2023-0568",
"CVE-2023-0567",
"CVE-2023-3247",
"CVE-2023-3823",
"CVE-2023-3824",
"CVE-2022-31629",
"CVE-2024-2756",
"CVE-2024-3096",
"CVE-2024-5458",
"CVE-2024-8925",
"CVE-2024-8927",
"CVE-2024-9026"
],
"summary": "Moderate: php:7.4 security update"
}
bit-libphp-2023-3247
Vulnerability from bitnami_vulndb
Published
2025-08-11 13:53
Modified
2025-08-11 14:19
Summary
Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
Details
In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "libphp",
"purl": "pkg:bitnami/libphp"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.29"
},
{
"introduced": "8.1.0"
},
{
"fixed": "8.1.20"
},
{
"introduced": "8.2.0"
},
{
"fixed": "8.2.7"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2023-3247"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"
],
"severity": "Medium"
},
"details": "In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client\u0027s nonce.",
"id": "BIT-libphp-2023-3247",
"modified": "2025-08-11T14:19:40.295Z",
"published": "2025-08-11T13:53:55.851Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3247"
}
],
"schema_version": "1.6.2",
"summary": "Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP"
}
bit-php-2023-3247
Vulnerability from bitnami_vulndb
Published
2024-03-06 11:01
Modified
2025-05-20 10:02
Summary
Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
Details
In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "php",
"purl": "pkg:bitnami/php"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.29"
},
{
"introduced": "8.1.0"
},
{
"fixed": "8.1.20"
},
{
"introduced": "8.2.0"
},
{
"fixed": "8.2.7"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2023-3247"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"
],
"severity": "Medium"
},
"details": "In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client\u0027s nonce.",
"id": "BIT-php-2023-3247",
"modified": "2025-05-20T10:02:07.006Z",
"published": "2024-03-06T11:01:40.502Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3247"
}
],
"schema_version": "1.5.0",
"summary": "Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP"
}
CVE-2023-3247
Vulnerability from fstec - Published: 07.06.2023
VLAI Severity ?
Title
Уязвимость языка программирования PHP, связанная с использованием недостаточно случайных значений, позволяющая нарушителю получить доступ к конфиденциальным данным
Description
Уязвимость языка программирования PHP связана с использованием генератором случайных чисел более узкого диапазона значений. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальным данным
Severity ?
Vendor
Red Hat Inc., Сообщество свободного программного обеспечения, Canonical Ltd., ООО «Ред Софт», ООО «РусБИТех-Астра», PHP Group, АО «ИВК», АО "НППКТ"
Software Name
Red Hat Enterprise Linux, Debian GNU/Linux, Ubuntu, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), PHP, АЛЬТ СП 10, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 22.10 (Ubuntu), 23.04 (Ubuntu), от 8.0.0 до 8.0.29 (PHP), от 8.1.0 до 8.1.20 (PHP), от 8.2.0 до 8.2.7 (PHP), - (АЛЬТ СП 10), до 2.9 (ОСОН ОСнова Оnyx)
Possible Mitigations
Для PHP:
использование рекомендаций производителя: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw
https://github.com/php/php-src/commit/ac4254ad764c70cb1f05c9270d8d12689fc3aeb6
https://github.com/php/php-src/commit/32c7c433ac1983c4497349051681a4f361d3d33e
Для Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2023-3247
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2023-3247
Для Ubuntu:
https://ubuntu.com/security/CVE-2023-3247
https://ubuntu.com/security/notices/USN-6199-1
Для ОС АЛЬТ СП 10: установка обновления из публичного репозитория программного средства
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения php7.3 до версии 7.3.31-1~deb10u5osnova11
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для ОС Astra Linux Special Edition 1.7:
обновить пакет php7.3 до 7.3.31-1~deb10u4+ci202306211639+astra3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD
Reference
https://github.com/php/php-src/commit/32c7c433ac1983c4497349051681a4f361d3d33e
https://github.com/php/php-src/commit/ac4254ad764c70cb1f05c9270d8d12689fc3aeb6
https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw
https://nvd.nist.gov/vuln/detail/CVE-2023-3247
https://security-tracker.debian.org/tracker/CVE-2023-3247
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47
https://access.redhat.com/security/cve/CVE-2023-3247
https://ubuntu.com/security/CVE-2023-3247
https://ubuntu.com/security/notices/USN-6199-1
https://altsp.su/obnovleniya-bezopasnosti/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.9/
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
CWE
CWE-330
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, PHP Group, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 22.10 (Ubuntu), 23.04 (Ubuntu), \u043e\u0442 8.0.0 \u0434\u043e 8.0.29 (PHP), \u043e\u0442 8.1.0 \u0434\u043e 8.1.20 (PHP), \u043e\u0442 8.2.0 \u0434\u043e 8.2.7 (PHP), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), \u0434\u043e 2.9 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f PHP:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw\nhttps://github.com/php/php-src/commit/ac4254ad764c70cb1f05c9270d8d12689fc3aeb6\nhttps://github.com/php/php-src/commit/32c7c433ac1983c4497349051681a4f361d3d33e\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2023-3247\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2023-3247\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2023-3247\nhttps://ubuntu.com/security/notices/USN-6199-1\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u041b\u042c\u0422 \u0421\u041f 10: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f php7.3 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 7.3.31-1~deb10u5osnova11\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 php7.3 \u0434\u043e 7.3.31-1~deb10u4+ci202306211639+astra3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "07.06.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.09.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-05887",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-3247",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, Ubuntu, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), PHP, \u0410\u041b\u042c\u0422 \u0421\u041f 10, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 20.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 22.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 9 , Canonical Ltd. Ubuntu 22.10 , Canonical Ltd. Ubuntu 23.04 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.9 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0441\u043b\u0443\u0447\u0430\u0439\u043d\u044b\u0445 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0439, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0441\u043b\u0443\u0447\u0430\u0439\u043d\u044b\u0445 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0439 (CWE-330)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0433\u0435\u043d\u0435\u0440\u0430\u0442\u043e\u0440\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0439\u043d\u044b\u0445 \u0447\u0438\u0441\u0435\u043b \u0431\u043e\u043b\u0435\u0435 \u0443\u0437\u043a\u043e\u0433\u043e \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0412\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u043d\u044b\u0435 \u043c\u0435\u0442\u043e\u0434\u044b",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/php/php-src/commit/32c7c433ac1983c4497349051681a4f361d3d33e\nhttps://github.com/php/php-src/commit/ac4254ad764c70cb1f05c9270d8d12689fc3aeb6\nhttps://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3247\nhttps://security-tracker.debian.org/tracker/CVE-2023-3247\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47\nhttps://access.redhat.com/security/cve/CVE-2023-3247\nhttps://ubuntu.com/security/CVE-2023-3247\nhttps://ubuntu.com/security/notices/USN-6199-1\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.9/\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-330",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}
CERTFR-2024-AVI-0119
Vulnerability from certfr_avis - Published: 2024-02-13 - Updated: 2024-02-13
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une élévation de privilèges et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) versions antérieures à V2.4 | ||
| Siemens | N/A | SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions antérieures à V2.4 | ||
| Siemens | N/A | SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) versions antérieures à V2.4 | ||
| Siemens | N/A | Simcenter Femap versions antérieures à V2401.0000 | ||
| Siemens | N/A | SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) versions antérieures à V2.4 | ||
| Siemens | N/A | Parasolid V36.0 versions antérieures à V36.0.198 | ||
| Siemens | N/A | SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) versions antérieures à V2.4 | ||
| Siemens | N/A | SCALANCE SC646-2C (6GK5646-2GS00-2AC2) versions antérieures à V3.1 | ||
| Siemens | N/A | SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) versions antérieures à V2.4 | ||
| Siemens | N/A | SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) versions antérieures à V2.4 | ||
| Siemens | N/A | SCALANCE SC636-2C (6GK5636-2GS00-2AC2) versions antérieures à V3.1 | ||
| Siemens | N/A | Location Intelligence SUS Small (9DE5110-8CA11-1BX0) versions antérieures à V4.3 | ||
| Siemens | N/A | SIMATIC WinCC V7.5 versions antérieures à V7.5 SP2 Update 15 | ||
| Siemens | N/A | SINEC NMS versions antérieures à V2.0 SP1 | ||
| Siemens | N/A | SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) versions antérieures à V2.4 | ||
| Siemens | N/A | SIMATIC WinCC V8.0 versions antérieures à V8.0 SP4 | ||
| Siemens | N/A | SIDIS Prime versions antérieures à V4.0.400 | ||
| Siemens | N/A | SCALANCE XCH328 (6GK5328-4TS01-2EC2) versions antérieures à V2.4 | ||
| Siemens | N/A | Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) versions antérieures à V4.3 | ||
| Siemens | N/A | SCALANCE SC642-2C (6GK5642-2GS00-2AC2) versions antérieures à V3.1 | ||
| Siemens | N/A | SCALANCE XCM324 (6GK5324-8TS01-2AC2) versions antérieures à V2.4 | ||
| Siemens | N/A | Parasolid V35.1 versions antérieures à V35.1.252 | ||
| Siemens | N/A | Tecnomatix Plant Simulation V2201 versions antérieures à V2201.0012 | ||
| Siemens | N/A | RUGGEDCOM APE1808 avec Nozomi Guardian / CMC antérieures à 23.3.0 | ||
| Siemens | N/A | Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) versions antérieures à V4.3 | ||
| Siemens | N/A | SCALANCE SC632-2C (6GK5632-2GS00-2AC2) versions antérieures à V3.1 | ||
| Siemens | N/A | Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) versions antérieures à V4.3 | ||
| Siemens | N/A | Location Intelligence SUS Large (9DE5110-8CA13-1BX0) versions antérieures à V4.3 | ||
| Siemens | N/A | SCALANCE XCM328 (6GK5328-4TS01-2AC2) versions antérieures à V2.4 | ||
| Siemens | N/A | SCALANCE SC626-2C (6GK5626-2GS00-2AC2) versions antérieures à V3.1 | ||
| Siemens | N/A | Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) versions antérieures à V4.3 | ||
| Siemens | N/A | Tecnomatix Plant Simulation V2302 versions antérieures à V2302.0006 | ||
| Siemens | N/A | Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) versions antérieures à V4.3 | ||
| Siemens | N/A | SCALANCE SC622-2C (6GK5622-2GS00-2AC2) versions antérieures à V3.1 | ||
| Siemens | N/A | Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) versions antérieures à V4.3 | ||
| Siemens | N/A | Parasolid V35.0 versions antérieures à V35.0.263 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Simcenter Femap versions ant\u00e9rieures \u00e0 V2401.0000",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid V36.0 versions ant\u00e9rieures \u00e0 V36.0.198",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC646-2C (6GK5646-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC636-2C (6GK5636-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Location Intelligence SUS Small (9DE5110-8CA11-1BX0) versions ant\u00e9rieures \u00e0 V4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 SP2 Update 15",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC NMS versions ant\u00e9rieures \u00e0 V2.0 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V8.0 versions ant\u00e9rieures \u00e0 V8.0 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIDIS Prime versions ant\u00e9rieures \u00e0 V4.0.400",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XCH328 (6GK5328-4TS01-2EC2) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) versions ant\u00e9rieures \u00e0 V4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC642-2C (6GK5642-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XCM324 (6GK5324-8TS01-2AC2) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid V35.1 versions ant\u00e9rieures \u00e0 V35.1.252",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Tecnomatix Plant Simulation V2201 versions ant\u00e9rieures \u00e0 V2201.0012",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808 avec Nozomi Guardian / CMC ant\u00e9rieures \u00e0 23.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) versions ant\u00e9rieures \u00e0 V4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC632-2C (6GK5632-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) versions ant\u00e9rieures \u00e0 V4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Location Intelligence SUS Large (9DE5110-8CA13-1BX0) versions ant\u00e9rieures \u00e0 V4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XCM328 (6GK5328-4TS01-2AC2) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC626-2C (6GK5626-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) versions ant\u00e9rieures \u00e0 V4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Tecnomatix Plant Simulation V2302 versions ant\u00e9rieures \u00e0 V2302.0006",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) versions ant\u00e9rieures \u00e0 V4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC622-2C (6GK5622-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) versions ant\u00e9rieures \u00e0 V4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid V35.0 versions ant\u00e9rieures \u00e0 V35.0.263",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-49691",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49691"
},
{
"name": "CVE-2022-46393",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46393"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2022-41556",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41556"
},
{
"name": "CVE-2023-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
},
{
"name": "CVE-2023-3006",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3006"
},
{
"name": "CVE-2023-51440",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51440"
},
{
"name": "CVE-2023-23946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23946"
},
{
"name": "CVE-2023-28466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28466"
},
{
"name": "CVE-2023-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1838"
},
{
"name": "CVE-2023-30772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30772"
},
{
"name": "CVE-2023-45622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45622"
},
{
"name": "CVE-2023-44321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44321"
},
{
"name": "CVE-2022-29162",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29162"
},
{
"name": "CVE-2023-30585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30585"
},
{
"name": "CVE-2024-23803",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23803"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-44317",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44317"
},
{
"name": "CVE-2023-38199",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38199"
},
{
"name": "CVE-2022-36760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36760"
},
{
"name": "CVE-2022-47629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47629"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2023-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
},
{
"name": "CVE-2021-45451",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45451"
},
{
"name": "CVE-2022-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26691"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-30583",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30583"
},
{
"name": "CVE-2021-36369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36369"
},
{
"name": "CVE-2023-25727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25727"
},
{
"name": "CVE-2023-30086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
},
{
"name": "CVE-2022-41409",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41409"
},
{
"name": "CVE-2023-3390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
},
{
"name": "CVE-2023-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0330"
},
{
"name": "CVE-2023-2002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2002"
},
{
"name": "CVE-2024-23812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23812"
},
{
"name": "CVE-2023-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-45617",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45617"
},
{
"name": "CVE-2023-31124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
},
{
"name": "CVE-2024-24925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24925"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2024-22042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22042"
},
{
"name": "CVE-2023-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50236"
},
{
"name": "CVE-2022-23521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23521"
},
{
"name": "CVE-2023-40283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40283"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2022-28739",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28739"
},
{
"name": "CVE-2022-41903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41903"
},
{
"name": "CVE-2023-23934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
},
{
"name": "CVE-2022-4904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-35788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2024-23816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23816"
},
{
"name": "CVE-2022-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
},
{
"name": "CVE-2023-1393",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1393"
},
{
"name": "CVE-2006-20001",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-20001"
},
{
"name": "CVE-2022-36021",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36021"
},
{
"name": "CVE-2022-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
},
{
"name": "CVE-2024-24922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24922"
},
{
"name": "CVE-2022-38725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38725"
},
{
"name": "CVE-2024-24923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24923"
},
{
"name": "CVE-2022-39260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39260"
},
{
"name": "CVE-2022-29862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29862"
},
{
"name": "CVE-2024-23800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23800"
},
{
"name": "CVE-2023-39417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39417"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2022-3437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3437"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2022-4743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4743"
},
{
"name": "CVE-2023-1989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1989"
},
{
"name": "CVE-2022-28738",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28738"
},
{
"name": "CVE-2023-1855",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1855"
},
{
"name": "CVE-2023-3247",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3247"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2023-32559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32559"
},
{
"name": "CVE-2023-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0494"
},
{
"name": "CVE-2023-35828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35828"
},
{
"name": "CVE-2022-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37797"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2023-31084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31084"
},
{
"name": "CVE-2023-3090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
},
{
"name": "CVE-2022-45919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45919"
},
{
"name": "CVE-2024-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24921"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2023-45625",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45625"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2023-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4128"
},
{
"name": "CVE-2023-31436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31436"
},
{
"name": "CVE-2023-32558",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32558"
},
{
"name": "CVE-2023-2194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2194"
},
{
"name": "CVE-2023-33203",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33203"
},
{
"name": "CVE-2022-41861",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41861"
},
{
"name": "CVE-2024-23813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23813"
},
{
"name": "CVE-2022-34918",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34918"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-23802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23802"
},
{
"name": "CVE-2021-43666",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43666"
},
{
"name": "CVE-2023-22490",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22490"
},
{
"name": "CVE-2023-0568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0568"
},
{
"name": "CVE-2024-23798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23798"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2023-32003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32003"
},
{
"name": "CVE-2023-1859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1859"
},
{
"name": "CVE-2023-48363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48363"
},
{
"name": "CVE-2022-1015",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1015"
},
{
"name": "CVE-2023-32004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32004"
},
{
"name": "CVE-2023-44320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44320"
},
{
"name": "CVE-2022-29187",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29187"
},
{
"name": "CVE-2023-3111",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3111"
},
{
"name": "CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"name": "CVE-2023-30587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30587"
},
{
"name": "CVE-2023-30589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30589"
},
{
"name": "CVE-2022-46392",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46392"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-1670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1670"
},
{
"name": "CVE-2023-31489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31489"
},
{
"name": "CVE-2023-32005",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32005"
},
{
"name": "CVE-2023-45618",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45618"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2024-23810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23810"
},
{
"name": "CVE-2023-30582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30582"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2022-41862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
},
{
"name": "CVE-2019-19135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19135"
},
{
"name": "CVE-2022-28737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28737"
},
{
"name": "CVE-2023-31147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
},
{
"name": "CVE-2022-45142",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45142"
},
{
"name": "CVE-2023-22742",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22742"
},
{
"name": "CVE-2022-2586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2586"
},
{
"name": "CVE-2022-36227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36227"
},
{
"name": "CVE-2023-27522",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27522"
},
{
"name": "CVE-2022-37454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37454"
},
{
"name": "CVE-2022-48434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48434"
},
{
"name": "CVE-2023-25155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25155"
},
{
"name": "CVE-2023-0160",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0160"
},
{
"name": "CVE-2023-5253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5253"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-42919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42919"
},
{
"name": "CVE-2023-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49125"
},
{
"name": "CVE-2021-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3445"
},
{
"name": "CVE-2023-30581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30581"
},
{
"name": "CVE-2023-45627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45627"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-30584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30584"
},
{
"name": "CVE-2024-23801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23801"
},
{
"name": "CVE-2024-24924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24924"
},
{
"name": "CVE-2022-4744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4744"
},
{
"name": "CVE-2023-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35945"
},
{
"name": "CVE-2023-36664",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36664"
},
{
"name": "CVE-2023-21255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21255"
},
{
"name": "CVE-2023-1990",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1990"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2021-4037",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4037"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2023-36617",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36617"
},
{
"name": "CVE-2023-38559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38559"
},
{
"name": "CVE-2023-35824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35824"
},
{
"name": "CVE-2023-45616",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45616"
},
{
"name": "CVE-2023-45624",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45624"
},
{
"name": "CVE-2023-45614",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45614"
},
{
"name": "CVE-2023-35823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35823"
},
{
"name": "CVE-2023-46120",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46120"
},
{
"name": "CVE-2023-30586",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30586"
},
{
"name": "CVE-2023-30588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30588"
},
{
"name": "CVE-2023-1380",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1380"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2023-44319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44319"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2024-23811",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23811"
},
{
"name": "CVE-2023-35789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35789"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2024-22043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22043"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-4194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4194"
},
{
"name": "CVE-2023-39418",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39418"
},
{
"name": "CVE-2023-2454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2023-2269",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2269"
},
{
"name": "CVE-2022-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2023-26081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26081"
},
{
"name": "CVE-2022-34903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34903"
},
{
"name": "CVE-2023-44322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44322"
},
{
"name": "CVE-2023-32573",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32573"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2023-45619",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45619"
},
{
"name": "CVE-2023-48364",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48364"
},
{
"name": "CVE-2023-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3863"
},
{
"name": "CVE-2022-24834",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24834"
},
{
"name": "CVE-2023-30590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30590"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2023-36054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2023-25690",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25690"
},
{
"name": "CVE-2022-1348",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1348"
},
{
"name": "CVE-2023-2861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2861"
},
{
"name": "CVE-2023-25588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25588"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2023-3141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3141"
},
{
"name": "CVE-2023-34872",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34872"
},
{
"name": "CVE-2023-30456",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30456"
},
{
"name": "CVE-2023-0567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0567"
},
{
"name": "CVE-2024-23799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23799"
},
{
"name": "CVE-2021-3638",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3638"
},
{
"name": "CVE-2023-34256",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34256"
},
{
"name": "CVE-2024-23796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23796"
},
{
"name": "CVE-2022-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4415"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2023-3301",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3301"
},
{
"name": "CVE-2023-0662",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0662"
},
{
"name": "CVE-2023-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3212"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2022-44370",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44370"
},
{
"name": "CVE-2023-45620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45620"
},
{
"name": "CVE-2023-34035",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34035"
},
{
"name": "CVE-2022-41860",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41860"
},
{
"name": "CVE-2024-23795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23795"
},
{
"name": "CVE-2023-45615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45615"
},
{
"name": "CVE-2022-29536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29536"
},
{
"name": "CVE-2023-49692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49692"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2020-1967",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1967"
},
{
"name": "CVE-2023-22745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22745"
},
{
"name": "CVE-2022-3294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3294"
},
{
"name": "CVE-2023-32006",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32006"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2023-45621",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45621"
},
{
"name": "CVE-2024-23804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23804"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2020-11896",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11896"
},
{
"name": "CVE-2023-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
},
{
"name": "CVE-2023-44373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44373"
},
{
"name": "CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"name": "CVE-2023-45626",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45626"
},
{
"name": "CVE-2023-1206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1206"
},
{
"name": "CVE-2022-37436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37436"
},
{
"name": "CVE-2024-23797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23797"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2023-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
},
{
"name": "CVE-2023-32233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32233"
},
{
"name": "CVE-2023-38039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38039"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2023-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0590"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-1611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1611"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2024-24920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24920"
},
{
"name": "CVE-2023-3268",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3268"
},
{
"name": "CVE-2023-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2023-45623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45623"
},
{
"name": "CVE-2023-32002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32002"
},
{
"name": "CVE-2022-4900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4900"
},
{
"name": "CVE-2023-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
},
{
"name": "CVE-2022-48303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2023-28450",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28450"
}
],
"initial_release_date": "2024-02-13T00:00:00",
"last_revision_date": "2024-02-13T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0119",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune \u00e9l\u00e9vation de privil\u00e8ges et une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-000072 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-602936 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-647068 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-647068.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-943925 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-753746 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-753746.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-806742 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-806742.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-580228 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-580228.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-716164 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-716164.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-797296 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-797296.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-108696 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-108696.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-871717 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-871717.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-516818 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-516818.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-017796 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-543502 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-543502.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-665034 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-665034.html"
}
]
}
GSD-2023-3247
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-3247",
"id": "GSD-2023-3247"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-3247"
],
"details": "In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client\u0027s nonce.\u00a0\n\n",
"id": "GSD-2023-3247",
"modified": "2023-12-13T01:20:54.297812Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"ID": "CVE-2023-3247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.0.*",
"version_value": "8.0.29"
},
{
"version_affected": "\u003c",
"version_name": "8.1.*",
"version_value": "8.1.20"
},
{
"version_affected": "\u003c",
"version_name": "8.2.*",
"version_value": "8.2.7"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Niels Dossche"
},
{
"lang": "en",
"value": "Tim D\u00fcsterhus"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client\u0027s nonce.\u00a0\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-252",
"lang": "eng",
"value": "CWE-252 Unchecked Return Value"
}
]
},
{
"description": [
{
"cweId": "CWE-330",
"lang": "eng",
"value": "CWE-330 Use of Insufficiently Random Values"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw",
"refsource": "MISC",
"url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw"
}
]
},
"source": {
"advisory": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c69",
"discovery": "INTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.2.7",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.1.20",
"versionStartIncluding": "8.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.29",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"ID": "CVE-2023-3247"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client\u0027s nonce.\u00a0\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
},
"lastModifiedDate": "2023-08-01T16:38Z",
"publishedDate": "2023-07-22T05:15Z"
}
}
}
FKIE_CVE-2023-3247
Vulnerability from fkie_nvd - Published: 2023-07-22 05:15 - Updated: 2024-11-21 08:16
Severity ?
2.6 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.
References
| URL | Tags | ||
|---|---|---|---|
| security@php.net | https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74F672AC-6864-41C5-9832-490C33F39D12",
"versionEndExcluding": "8.0.29",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30B3A139-7917-46D1-8747-FAEBED4B5EF0",
"versionEndExcluding": "8.1.20",
"versionStartIncluding": "8.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A67DFA-5A0F-4E08-B7C7-DB21C1675A1A",
"versionEndExcluding": "8.2.7",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client\u0027s nonce.\u00a0\n\n"
}
],
"id": "CVE-2023-3247",
"lastModified": "2024-11-21T08:16:47.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "security@php.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-22T05:15:37.460",
"references": [
{
"source": "security@php.net",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw"
}
],
"sourceIdentifier": "security@php.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-252"
},
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "security@php.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…