CVE-2024-3096 – PHP function password_verify can erroneously return true when argument contains NUL
https://notcve.org/view.php?id=CVE-2024-3096
In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. En la versión PHP 8.1.* anterior a 8.1.28, 8.2.* anterior a 8.2.18, 8.3.* anterior a 8.3.5, si una contraseña almacenada con contraseña_hash() comienza con un byte nulo (\x00), se prueba una cadena en blanco como la contraseña a través de contraseña_verify() devolverá verdadero incorrectamente. • http://www.openwall.com/lists/oss-security/2024/04/12/11 https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html https://security.netapp.com/advisory/ntap-20240510-0010 • CWE-20: Improper Input Validation •
CVE-2022-4900 – Potential buffer overflow in php_cli_server_startup_workers
https://notcve.org/view.php?id=CVE-2022-4900
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow. Se encontró una vulnerabilidad en PHP donde establecer la variable de entorno PHP_CLI_SERVER_WORKERS en un valor grande provoca un desbordamiento del búfer del heap. • https://access.redhat.com/security/cve/CVE-2022-4900 https://bugzilla.redhat.com/show_bug.cgi?id=2179880 https://security.netapp.com/advisory/ntap-20231130-0008 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2023-3824 – Buffer overflow and overread in phar_dir_read()
https://notcve.org/view.php?id=CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. En PHP versión 8.0.* antes de 8.0.30, 8.1.* antes de 8.1.22, y 8.2.* antes de 8.2.8, al cargar el archivo phar, mientras se leen las entradas del directorio PHAR, una comprobación de longitud insuficiente puede conducir a un desbordamiento del búfer de pila, llevando potencialmente a corrupción de memoria o RCE. A flaw was found in PHP that can lead to a buffer overflow and a stack information leak due to improper bounds checking within the phar_dir_read() function. This issue may allow an attacker to initiate memory corruption by compelling the application to open a specially crafted .phar archive, allowing the attacker to corrupt memory or cause a denial of service condition. • https://github.com/jhonnybonny/CVE-2023-3824 https://github.com/m1sn0w/CVE-2023-3824 https://github.com/Starla2u/CVE-2023-3824-PHP-to-RCE-LockBit-LEAK https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA https://security.netapp.com/advisory/ntap-20230825-0001 https://access.redhat.com/se • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2023-3823 – Security issue with external entity loading in XML without enabling it
https://notcve.org/view.php?id=CVE-2023-3823
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. • https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA https://security.netapp.com/advisory/ntap-20230825-0001 https://access.redhat.com/security/cve/CVE-2023-3823 https://bugzilla.redhat.com/show_bug.cgi?id=2229396 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2023-3247 – Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
https://notcve.org/view.php?id=CVE-2023-3247
In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce. A vulnerability was found in PHP where the weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP allows a remote authenticated attackers to cause a stack information leak. • https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw https://access.redhat.com/security/cve/CVE-2023-3247 https://bugzilla.redhat.com/show_bug.cgi?id=2219290 • CWE-252: Unchecked Return Value CWE-330: Use of Insufficiently Random Values CWE-334: Small Space of Random Values •