CVE-2023-0568

HIGH Year: 2023
CVSS v3 Score
8.1
High
Weakness Type
CWE-131
View all →

Vulnerability Description

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.

Related Vulnerabilities

CVE-2017-0166

HIGH
CVSS:8.1(High)

An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by runni...

CWE-1312017

CVE-2021-21773

HIGH
CVSS:8.1(High)

An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker ...

CWE-1312021

CVE-2021-21824

HIGH
CVSS:8.1(High)

An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provid...

CWE-1312021

CVE-2020-6108

HIGH
CVSS:8.2(High)

An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resultin...

CWE-1312020

CVE-2002-0184

HIGH
CVSS:7.8(High)

Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, wh...

CWE-1312002

CVE-2004-0747

HIGH
CVSS:7.8(High)

Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.

CWE-1312004