发布于3月6日3月6日 Members Oracle Linux: CVE-2023-0568: ELSA-2023-5927:php:8.0 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 02/15/2023 Created 10/24/2023 Added 10/23/2023 Modified 01/08/2025 Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. A vulnerability was found in PHP. This security issue occurs because the core path resolution function allocates a buffer one byte small. Resolving paths with lengths close to the system MAXPATHLEN setting may lead to the byte after the allocated buffer being overwritten with a NULL value, which might lead to unauthorized data access or modification. Solution(s) oracle-linux-upgrade-apcu-panel oracle-linux-upgrade-libzip oracle-linux-upgrade-libzip-devel oracle-linux-upgrade-libzip-tools oracle-linux-upgrade-php oracle-linux-upgrade-php-bcmath oracle-linux-upgrade-php-cli oracle-linux-upgrade-php-common oracle-linux-upgrade-php-dba oracle-linux-upgrade-php-dbg oracle-linux-upgrade-php-devel oracle-linux-upgrade-php-embedded oracle-linux-upgrade-php-enchant oracle-linux-upgrade-php-ffi oracle-linux-upgrade-php-fpm oracle-linux-upgrade-php-gd oracle-linux-upgrade-php-gmp oracle-linux-upgrade-php-intl oracle-linux-upgrade-php-json oracle-linux-upgrade-php-ldap oracle-linux-upgrade-php-mbstring oracle-linux-upgrade-php-mysqlnd oracle-linux-upgrade-php-odbc oracle-linux-upgrade-php-opcache oracle-linux-upgrade-php-pdo oracle-linux-upgrade-php-pear oracle-linux-upgrade-php-pecl-apcu oracle-linux-upgrade-php-pecl-apcu-devel oracle-linux-upgrade-php-pecl-rrd oracle-linux-upgrade-php-pecl-xdebug oracle-linux-upgrade-php-pecl-xdebug3 oracle-linux-upgrade-php-pecl-zip oracle-linux-upgrade-php-pgsql oracle-linux-upgrade-php-process oracle-linux-upgrade-php-snmp oracle-linux-upgrade-php-soap oracle-linux-upgrade-php-xml oracle-linux-upgrade-php-xmlrpc References https://attackerkb.com/topics/cve-2023-0568 CVE - 2023-0568 ELSA-2023-5927 ELSA-2023-5926 ELSA-2024-0387 ELSA-2024-10952
参与讨论
你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。