ALT-PU-2023-8902-1 — php8.1-soap

BDU:2023-02263

HIGH7.5

Уязвимость интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-04-27Modified: 2024-09-24

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2023-0662

BDU:2023-02264

HIGH8.1

Уязвимость интерпретатора языка программирования PHP, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

Published: 2023-04-27Modified: 2024-09-24

CVSS 3.xHIGH 8.1

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2023-0568

BDU:2024-07326

MEDIUM6.2

Уязвимость функции верификации пароля языка программирования PHP, связанная с недостаточным вычислением хеша пароля, позволяющая нарушителю оказать воздействие на целостность данных

Published: 2024-09-23Modified: 2024-12-25

CVSS 3.xMEDIUM 6.2

CVSS:3.x/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:C/A:N

References

CVE-2023-0567

CVE-2023-0567

MEDIUM6.2

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.

Published: 2023-03-01Modified: 2026-02-25

CVSS 3.xMEDIUM 6.2

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

CVE-2023-0568

HIGH8.1

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.

Published: 2023-02-16Modified: 2025-02-13

CVSS 3.xHIGH 8.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2023-0662

HIGH7.5

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.

Published: 2023-02-16Modified: 2025-02-13

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Package update php8.1-soap in branch c9f2

Closed issues (6)

Уязвимость интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость интерпретатора языка программирования PHP, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.