CVE-2023-0662
CVSS V2 None
CVSS V3 None
Description
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.
Overview
- CVE ID
- CVE-2023-0662
- Assigner
- security@php.net
- Vulnerability Status
- Analyzed
- Published Version
- 2023-02-16T07:15:10
- Last Modified Date
- 2023-02-24T18:09:51
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:php:php:*:*:*:*:*:*:*:* | 1 | OR | 8.0.0 | 8.0.28 |
| cpe:2.3:a:php:php:*:*:*:*:*:*:*:* | 1 | OR | 8.1.0 | 8.1.16 |
| cpe:2.3:a:php:php:*:*:*:*:*:*:*:* | 1 | OR | 8.2.0 | 8.2.3 |
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv | Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-0662 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 07:49:34 | Added to TrackCVE | |||
| 2023-04-17 07:49:36 | Weakness Enumeration | new |