Array overrun in common path resolve code
CVE-2023-0568
7.5 HIGH
What is CVE-2023-0568?
A vulnerability in PHP's core path resolution function results in an allocated buffer that is one byte too small. The issue is present in PHP versions 8.0.X prior to 8.0.28, 8.1.X prior to 8.1.16, and 8.2.X prior to 8.2.3. When the function handles paths whose length is close to the maximum system path length, the overflow may overwrite the byte immediately following the allocated memory with a NUL value. This can potentially allow unauthorized access to sensitive data or unauthorized modifications. System administrators are encouraged to update to a fixed version to mitigate the risk.
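The off-by-one described above can be modelled in a few lines of C. This is an added illustration, not PHP's source code: `PATH_CAP`, `struct region`, `MAX_LEN_PATH` and the function names are hypothetical, and the adjacent byte is placed inside the same object so the stray NUL can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define PATH_CAP 16                     /* constructed stand-in for the maximum path length */
#define MAX_LEN_PATH "/aaaaaaaaaaaaaaa" /* constructed sample: exactly PATH_CAP characters */

/* Bytes 0..PATH_CAP-1 model the allocated buffer; byte PATH_CAP models the
 * unrelated byte that follows it in memory. */
struct region { char bytes[PATH_CAP + 1]; };

/* Flawed sizing: the bound forgets the terminator, so the buffer is one byte
 * too small for the longest path it accepts. */
static int store_path_flawed(struct region *r, const char *path) {
    size_t len = strlen(path);
    if (len > PATH_CAP) return -1;      /* off by one: len == PATH_CAP is accepted */
    memcpy(r->bytes, path, len);
    r->bytes[len] = '\0';               /* for len == PATH_CAP this hits the neighbour */
    return 0;
}

/* Corrected sizing: the terminator is counted before anything is written. */
static int store_path_checked(struct region *r, const char *path) {
    size_t len = strlen(path);
    if (len + 1 > PATH_CAP) return -1;  /* reject paths that leave no room for NUL */
    memcpy(r->bytes, path, len + 1);
    return 0;
}

/* Fills the region with 'A', runs one store function, and returns the
 * neighbour byte: 'A' means intact, 0 means it was overwritten with NUL. */
static int neighbour_after(int (*store)(struct region *, const char *),
                           const char *path) {
    struct region r;
    memset(r.bytes, 'A', sizeof r.bytes);
    store(&r, path);
    return (unsigned char)r.bytes[PATH_CAP];
}

int main(void) {
    printf("flawed,  max-length path: neighbour = %d\n",
           neighbour_after(store_path_flawed, MAX_LEN_PATH));
    printf("checked, max-length path: neighbour = %d\n",
           neighbour_after(store_path_checked, MAX_LEN_PATH));
    printf("flawed,  short path:      neighbour = %d\n",
           neighbour_after(store_path_flawed, "/tmp/x"));
    return 0;
}
```

Only the maximum-length path triggers the overwrite in the flawed version, which is why a defect of this kind passes ordinary testing with short paths.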
Affected Version(s)
PHP 8.0.x
PHP 8.0.x < 8.0.28
PHP 8.1.x < 8.1.16