DoS vulnerability when parsing multipart request body
CVE-2023-0662

7.5HIGH

Key Information:

Vendor: PHP Group
Status: PHP
Vendor: CVE Published:; 16 February 2023

What is CVE-2023-0662?

In specific versions of PHP, an excessive number of parts in HTTP form uploads can lead to significant resource consumption, including high CPU usage and substantial log entry generation. This excessive activity can exhaust server resources, leading to a denial of service situation, jeopardizing operational stability and performance. Users running affected versions of PHP should upgrade to the latest stable releases to mitigate this vulnerability.

Affected Version(s)

PHP 8.0.x

PHP 8.0.x < 8.0.28

PHP 8.1.x < 8.1.16

References

https://github.com/php/php-src/security/advisories/GHSA-5...

https://security.netapp.com/advisory/ntap-20230517-0001/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Feb 3, 2023

Credit

Jakob Ackermann

PHP Group

What is CVE-2023-0662?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit