Huawei EulerOS: CVE-2023-0568: php security update

Huawei EulerOS: CVE-2023-0568: php security update

Severity

9

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

02/16/2023

Created

06/09/2023

Added

06/09/2023

Modified

01/28/2025

Description

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. 

Solution(s)

• huawei-euleros-2_0_sp8-upgrade-php
• huawei-euleros-2_0_sp8-upgrade-php-cli
• huawei-euleros-2_0_sp8-upgrade-php-common
• huawei-euleros-2_0_sp8-upgrade-php-fpm
• huawei-euleros-2_0_sp8-upgrade-php-gd
• huawei-euleros-2_0_sp8-upgrade-php-ldap
• huawei-euleros-2_0_sp8-upgrade-php-odbc
• huawei-euleros-2_0_sp8-upgrade-php-pdo
• huawei-euleros-2_0_sp8-upgrade-php-process
• huawei-euleros-2_0_sp8-upgrade-php-recode
• huawei-euleros-2_0_sp8-upgrade-php-soap
• huawei-euleros-2_0_sp8-upgrade-php-xml
• huawei-euleros-2_0_sp8-upgrade-php-xmlrpc

References

• https://attackerkb.com/topics/cve-2023-0568
• CVE - 2023-0568
• EulerOS-SA-2023-2196