CVE-2023-0662 — Uncontrolled Resource Consumption in Group PHP

CWE-400 — Uncontrolled Resource Consumption CWE-779 — Logging of Excessive Data10 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 55.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PHP Group PHP PHP

Timeline

PublishedFeb 16

Latest updateApr 15

Description

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDphp/php8.0.0 — 8.0.28+2

▶CVEListV5php_group/php8.0.x — 8.0.28+2

🔴Vulnerability Details

OSV

php7.2, php7.4, php8.1 vulnerabilities↗2023-02-28

▶

CVEList

DoS vulnerability when parsing multipart request body↗2023-02-16

▶

OSV

CVE-2023-0662: In PHP 8↗2023-02-16

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Applications Risk Matrix: Core (PHP) — CVE-2023-0662↗2023-04-15

▶

Ubuntu

PHP vulnerabilities↗2023-03-02

▶

Ubuntu

PHP vulnerabilities↗2023-02-28

▶

Red Hat

php: DoS vulnerability when parsing multipart request body↗2023-02-15

▶

Microsoft

DoS vulnerability when parsing multipart request body↗2023-02-14

▶