In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. https://bugs.php.net/bug.php?id=81746
Created php tracking bugs for this issue: Affects: fedora-36 [bug 2170779] Affects: fedora-37 [bug 2170780]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:5926 https://access.redhat.com/errata/RHSA-2023:5926
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5927 https://access.redhat.com/errata/RHSA-2023:5927
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:0387 https://access.redhat.com/errata/RHSA-2024:0387