In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: php
Published: 2023-02-16T06:34:04.101Z
Updated: 2024-08-02T05:17:49.834Z
Reserved: 2023-01-29T07:46:39.833Z
Link: CVE-2023-0568
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-02-16T07:15:10.327
Modified: 2023-05-17T20:15:09.497
Link: CVE-2023-0568
Redhat