Bug 2170770 (CVE-2023-0568)

Summary: CVE-2023-0568 php: 1-byte array overrun in common path resolve code
Product: [Other] Security Response Reporter: Sandipan Roy <saroy>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: hhorak, jorton, rcollet
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in PHP. This security issue occurs because the core path resolution function allocates a buffer one byte small. Resolving paths with lengths close to the system MAXPATHLEN setting may lead to the byte after the allocated buffer being overwritten with a NULL value, which might lead to unauthorized data access or modification.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2170779, 2170780, 2174679, 2174680, 2174681, 2174682, 2174683, 2174684    
Bug Blocks: 2170009    

Description Sandipan Roy 2023-02-17 08:31:45 UTC 
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.

https://bugs.php.net/bug.php?id=81746
Comment 1 Sandipan Roy 2023-02-17 08:42:41 UTC 
Created php tracking bugs for this issue:

Affects: fedora-36 [bug 2170779]
Affects: fedora-37 [bug 2170780]
Comment 6 errata-xmlrpc 2023-10-19 13:14:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5926 https://access.redhat.com/errata/RHSA-2023:5926
Comment 7 errata-xmlrpc 2023-10-19 13:24:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5927 https://access.redhat.com/errata/RHSA-2023:5927
Comment 8 errata-xmlrpc 2024-01-24 10:53:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:0387 https://access.redhat.com/errata/RHSA-2024:0387