CVE-2023-3247 - OpenCVE

In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Php	Php
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
php:8.0-8080020231006102311.0b4eb31d	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:5927	2023-10-19T00:00:00Z
Red Hat Enterprise Linux 9
php-0:8.0.30-1.el9_2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:5926	2023-10-19T00:00:00Z
php:8.1-9030020231221080340.9	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:0387	2024-01-24T00:00:00Z

References

Link	Providers
https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw
https://nvd.nist.gov/vuln/detail/CVE-2023-3247
https://www.cve.org/CVERecord?id=CVE-2023-3247

History

No history.

MITRE

Status: PUBLISHED

Assigner: php

Published: 2023-07-22T04:17:09.896Z

Updated: 2024-08-02T06:48:08.521Z

Reserved: 2023-06-14T16:24:08.631Z

Link: CVE-2023-3247

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-22T05:15:37.460

Modified: 2023-08-01T16:38:09.033

Link: CVE-2023-3247

Redhat

Severity : Moderate

Publid Date: 2023-07-03T00:00:00Z

Links: CVE-2023-3247 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3247", "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "state": "PUBLISHED", "assignerShortName": "php", "dateReserved": "2023-06-14T16:24:08.631Z", "datePublished": "2023-07-22T04:17:09.896Z", "dateUpdated": "2024-08-02T06:48:08.521Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PHP", "vendor": "PHP Group", "versions": [{"lessThan": "8.0.29", "status": "affected", "version": "8.0.*", "versionType": "semver"}, {"lessThan": "8.1.20", "status": "affected", "version": "8.1.*", "versionType": "semver"}, {"lessThan": "8.2.7", "status": "affected", "version": "8.2.*", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Niels Dossche"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Tim D\u00fcsterhus"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce. </p>"}], "value": "In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.\u00a0\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-252", "description": "CWE-252 Unchecked Return Value", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-330", "description": "CWE-330 Use of Insufficiently Random Values", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php", "dateUpdated": "2023-07-22T04:17:09.896Z"}, "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw"}], "source": {"advisory": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c69", "discovery": "INTERNAL"}, "title": "Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:48:08.521Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "74F672AC-6864-41C5-9832-490C33F39D12", "versionEndExcluding": "8.0.29", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "30B3A139-7917-46D1-8747-FAEBED4B5EF0", "versionEndExcluding": "8.1.20", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1A67DFA-5A0F-4E08-B7C7-DB21C1675A1A", "versionEndExcluding": "8.2.7", "versionStartIncluding": "8.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.\u00a0\n\n"}], "id": "CVE-2023-3247", "lastModified": "2023-08-01T16:38:09.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "security@php.net", "type": "Secondary"}]}, "published": "2023-07-22T05:15:37.460", "references": [{"source": "security@php.net", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-252"}, {"lang": "en", "value": "CWE-330"}], "source": "security@php.net", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:5927", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "php:8.0-8080020231006102311.0b4eb31d", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5926", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "php-0:8.0.30-1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2024:0387", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "php:8.1-9030020231221080340.9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-01-24T00:00:00Z"}], "bugzilla": {"description": "php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP", "id": "2219290", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219290"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "(CWE-252|CWE-334)", "details": ["In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.\u00a0", "A vulnerability was found in PHP where the weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP allows a remote authenticated attackers to cause a stack information leak."], "name": "CVE-2023-3247", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "php:7.4/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-php73-php", "product_name": "Red Hat Software Collections"}], "public_date": "2023-07-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-3247\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3247\nhttps://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw"], "threat_severity": "Moderate", "upstream_fix": "php 8.0.29, php 8.1.20, php 8.2.7"}