VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-14q6-hvvw-aaam

Essentials
Severities (90)
References (14)
Severity details (4)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-14q6-hvvw-aaam
Aliases	CVE-2023-3247
Summary	In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.
Status	Published
Exploitability	0.5
Weighted Severity	3.9
Risk	1.9
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-330	Use of Insufficiently Random Values
CWE-252	Unchecked Return Value
CWE-334	Small Space of Random Values

System	Score	Found at
cvssv3	4.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3247.json
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00254	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00254	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00254	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00254	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00323	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00323	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00323	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00323	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00323	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00323	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00323	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00323	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00323	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00323	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00323	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00323	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00323	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00323	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
epss	0.00812	https://api.first.org/data/v1/epss?cve=CVE-2023-3247
cvssv3.1	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	4.3	https://nvd.nist.gov/vuln/detail/CVE-2023-3247
cvssv3.1	4.3	https://nvd.nist.gov/vuln/detail/CVE-2023-3247

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3247.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-3247
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3247
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw
2219290		https://bugzilla.redhat.com/show_bug.cgi?id=2219290
cpe:2.3:a:php:php::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php::::::::
CVE-2023-3247		https://nvd.nist.gov/vuln/detail/CVE-2023-3247
RHSA-2023:5926		https://access.redhat.com/errata/RHSA-2023:5926
RHSA-2023:5927		https://access.redhat.com/errata/RHSA-2023:5927
RHSA-2024:0387		https://access.redhat.com/errata/RHSA-2024:0387
RHSA-2024:10952		https://access.redhat.com/errata/RHSA-2024:10952
USN-6199-1		https://usn.ubuntu.com/6199-1/
USN-6199-2		https://usn.ubuntu.com/6199-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3247.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-3247

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-3247

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.22000
EPSS Score	0.00053
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.