DoS vulnerability when parsing multipart request body
CVE-2023-0662

7.5HIGH

Key Information:

Vendor

PHP Group

Status
Vendor
CVE Published:
16 February 2023

What is CVE-2023-0662?

In specific versions of PHP, an excessive number of parts in HTTP form uploads can lead to significant resource consumption, including high CPU usage and substantial log entry generation. This excessive activity can exhaust server resources, leading to a denial of service situation, jeopardizing operational stability and performance. Users running affected versions of PHP should upgrade to the latest stable releases to mitigate this vulnerability.

Affected Version(s)

PHP 8.0.x

PHP 8.0.x < 8.0.28

PHP 8.1.x < 8.1.16

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jakob Ackermann
.