In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. 
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: php

Published: 2023-02-16T06:34:04.101Z

Updated: 2024-08-02T05:17:49.834Z

Reserved: 2023-01-29T07:46:39.833Z

Link: CVE-2023-0568

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-02-16T07:15:10.327

Modified: 2023-05-17T20:15:09.497

Link: CVE-2023-0568

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-02-15T00:00:00Z

Links: CVE-2023-0568 - Bugzilla