VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-v4wq-ks66-aaad

Essentials
Severities (99)
References (20)
Severity details (9)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-v4wq-ks66-aaad
Aliases	CVE-2023-0568
Summary	In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.
Status	Published
Exploitability	0.5
Weighted Severity	7.3
Risk	3.6
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-770	Allocation of Resources Without Limits or Throttling
CWE-131	Incorrect Calculation of Buffer Size

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0568.json
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
epss	0.00289	https://api.first.org/data/v1/epss?cve=CVE-2023-0568
cvssv3.1	7.5	https://bugs.php.net/bug.php?id=81746
cvssv3.1	7.5	https://bugs.php.net/bug.php?id=81746
ssvc	Track	https://bugs.php.net/bug.php?id=81746
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	8.1	https://nvd.nist.gov/vuln/detail/CVE-2023-0568
cvssv3.1	8.1	https://nvd.nist.gov/vuln/detail/CVE-2023-0568
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20230517-0001/
ssvc	Track	https://security.netapp.com/advisory/ntap-20230517-0001/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0568.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-0568
		https://bugs.php.net/bug.php?id=81746
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://security.netapp.com/advisory/ntap-20230517-0001/
1031368		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368
2170770		https://bugzilla.redhat.com/show_bug.cgi?id=2170770
cpe:2.3:a:php:php::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php::::::::
CVE-2023-0568		https://nvd.nist.gov/vuln/detail/CVE-2023-0568
GLSA-202408-32		https://security.gentoo.org/glsa/202408-32
RHSA-2023:5926		https://access.redhat.com/errata/RHSA-2023:5926
RHSA-2023:5927		https://access.redhat.com/errata/RHSA-2023:5927
RHSA-2024:0387		https://access.redhat.com/errata/RHSA-2024:0387
RHSA-2024:10952		https://access.redhat.com/errata/RHSA-2024:10952
USN-5902-1		https://usn.ubuntu.com/5902-1/
USN-5905-1		https://usn.ubuntu.com/5905-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0568.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugs.php.net/bug.php?id=81746

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugs.php.net/bug.php?id=81746

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:56:58Z/ Found at https://bugs.php.net/bug.php?id=81746

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-0568

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-0568

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20230517-0001/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:56:58Z/ Found at https://security.netapp.com/advisory/ntap-20230517-0001/

Exploit Prediction Scoring System (EPSS)

Percentile	0.28295
EPSS Score	0.00123
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.