VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-ycs8-qw3j-aaac

Essentials
Severities (96)
References (19)
Severity details (8)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-ycs8-qw3j-aaac
Aliases	CVE-2023-0662
Summary	In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-400	Uncontrolled Resource Consumption
CWE-779	Logging of Excessive Data

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0662.json
epss	0.00064	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00064	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00064	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2023-0662
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv
ssvc	Track	https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-0662
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-0662
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20230517-0001/
ssvc	Track	https://security.netapp.com/advisory/ntap-20230517-0001/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0662.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-0662
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://security.netapp.com/advisory/ntap-20230517-0001/
1031368		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368
2170761		https://bugzilla.redhat.com/show_bug.cgi?id=2170761
cpe:2.3:a:php:php::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php::::::::
CVE-2023-0662		https://nvd.nist.gov/vuln/detail/CVE-2023-0662
GHSA-54hq-v5wp-fqgv		https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv
GLSA-202408-32		https://security.gentoo.org/glsa/202408-32
RHSA-2023:5926		https://access.redhat.com/errata/RHSA-2023:5926
RHSA-2023:5927		https://access.redhat.com/errata/RHSA-2023:5927
RHSA-2024:0387		https://access.redhat.com/errata/RHSA-2024:0387
USN-5902-1		https://usn.ubuntu.com/5902-1/
USN-5905-1		https://usn.ubuntu.com/5905-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0662.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:57:39Z/ Found at https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-0662

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-0662

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20230517-0001/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:57:39Z/ Found at https://security.netapp.com/advisory/ntap-20230517-0001/

Exploit Prediction Scoring System (EPSS)

Percentile	0.29737
EPSS Score	0.00064
Published At	Dec. 19, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.