CVE-2023-3247

CVSS V2 None CVSS V3 None

Description

In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.

Overview

CVE ID
CVE-2023-3247

Assigner
php

Vulnerability Status
PUBLISHED

Published Version
2023-07-22T04:17:09.896Z

Last Modified Date
2023-07-22T04:17:09.896Z

Weakness Enumerations

CWE	URL
CWE-252	http://cwe.mitre.org/data/definitions/252.html
CWE-330	http://cwe.mitre.org/data/definitions/330.html

References

Reference URL	Reference Tags
https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-3247
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3247

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 20:47:21				Added to TrackCVE