{"url":"http://public2.vulnerablecode.io/api/packages/390152?format=json","purl":"pkg:apk/alpine/php81@8.1.16-r0?arch=s390x&distroversion=v3.18&reponame=community","type":"apk","namespace":"alpine","name":"php81","version":"8.1.16-r0","qualifiers":{"arch":"s390x","distroversion":"v3.18","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97988?format=json","vulnerability_id":"VCID-j5bp-kcdm-xfg1","summary":"In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0568.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0568.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0568","reference_id":"","reference_type":"","scores":[{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63316","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63273","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63313","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63324","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68983","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68964","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368","reference_id":"1031368","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170770","reference_id":"2170770","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170770"},{"reference_url":"https://bugs.php.net/bug.php?id=81746","reference_id":"bug.php?id=81746","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:56:58Z/"}],"url":"https://bugs.php.net/bug.php?id=81746"},{"reference_url":"https://security.gentoo.org/glsa/202408-32","reference_id":"GLSA-202408-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-32"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230517-0001/","reference_id":"ntap-20230517-0001","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:56:58Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230517-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5926","reference_id":"RHSA-2023:5926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5927","reference_id":"RHSA-2023:5927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0387","reference_id":"RHSA-2024:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10952","reference_id":"RHSA-2024:10952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10952"},{"reference_url":"https://usn.ubuntu.com/5902-1/","reference_id":"USN-5902-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5902-1/"},{"reference_url":"https://usn.ubuntu.com/5905-1/","reference_id":"USN-5905-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5905-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/390152?format=json","purl":"pkg:apk/alpine/php81@8.1.16-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.16-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2023-0568"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j5bp-kcdm-xfg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97987?format=json","vulnerability_id":"VCID-kgp1-zrcc-5kdq","summary":"In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0567.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0567.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0567","reference_id":"","reference_type":"","scores":[{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34093","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33991","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34074","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34108","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40071","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40055","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368","reference_id":"1031368","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170771","reference_id":"2170771","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170771"},{"reference_url":"https://bugs.php.net/bug.php?id=81744","reference_id":"bug.php?id=81744","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-01T15:34:47Z/"}],"url":"https://bugs.php.net/bug.php?id=81744"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4","reference_id":"GHSA-7fj2-8x79-rjf4","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-01T15:34:47Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4"},{"reference_url":"https://security.gentoo.org/glsa/202408-32","reference_id":"GLSA-202408-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5926","reference_id":"RHSA-2023:5926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5927","reference_id":"RHSA-2023:5927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0387","reference_id":"RHSA-2024:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10952","reference_id":"RHSA-2024:10952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10952"},{"reference_url":"https://usn.ubuntu.com/5902-1/","reference_id":"USN-5902-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5902-1/"},{"reference_url":"https://usn.ubuntu.com/6053-1/","reference_id":"USN-6053-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6053-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/390152?format=json","purl":"pkg:apk/alpine/php81@8.1.16-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.16-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2023-0567"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kgp1-zrcc-5kdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97989?format=json","vulnerability_id":"VCID-xmac-nt2m-2yb7","summary":"In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0662.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0662.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0662","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47536","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47523","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.57096","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.57044","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.57091","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.57103","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0662"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368","reference_id":"1031368","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170761","reference_id":"2170761","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170761"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv","reference_id":"GHSA-54hq-v5wp-fqgv","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:57:39Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv"},{"reference_url":"https://security.gentoo.org/glsa/202408-32","reference_id":"GLSA-202408-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-32"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230517-0001/","reference_id":"ntap-20230517-0001","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:57:39Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230517-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5926","reference_id":"RHSA-2023:5926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5927","reference_id":"RHSA-2023:5927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0387","reference_id":"RHSA-2024:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0387"},{"reference_url":"https://usn.ubuntu.com/5902-1/","reference_id":"USN-5902-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5902-1/"},{"reference_url":"https://usn.ubuntu.com/5905-1/","reference_id":"USN-5905-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5905-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/390152?format=json","purl":"pkg:apk/alpine/php81@8.1.16-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.16-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2023-0662"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmac-nt2m-2yb7"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.16-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}