CVE-2023-0568

7.5 HIGH

📋 TL;DR

A buffer overflow vulnerability in PHP's path resolution function allows writing a null byte beyond allocated memory when processing paths near system MAXPATHLEN limits. This could lead to memory corruption potentially enabling unauthorized data access or modification. Affects PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16, and 8.2.X before 8.2.3.

💻 Affected Systems

Products:
  • PHP
Versions: PHP 8.0.X < 8.0.28, PHP 8.1.X < 8.1.16, PHP 8.2.X < 8.2.3
Operating Systems: All operating systems running affected PHP versions
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers only when processing paths with lengths close to system MAXPATHLEN setting.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Memory corruption leading to arbitrary code execution, privilege escalation, or sensitive data disclosure.

🟠 Likely Case

Application crashes, denial of service, or limited memory corruption affecting adjacent data structures.

🟢 If Mitigated

Minimal impact if path lengths are controlled or systems are patched.

🌐 Internet-Facing: MEDIUM - Requires specific path length conditions and PHP processing of such paths.
🏢 Internal Only: LOW - Typically requires local access or specific application behavior to trigger.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires precise path length conditions and memory layout knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: PHP 8.0.28, PHP 8.1.16, PHP 8.2.3

Vendor Advisory: https://bugs.php.net/bug.php?id=81746

Restart Required: Yes

Instructions:

1. Identify PHP version with 'php -v'.
2. Update PHP using package manager: 'apt update && apt upgrade php' (Debian/Ubuntu) or 'yum update php' (RHEL/CentOS).
3. Restart web server: 'systemctl restart apache2' or 'systemctl restart nginx'.
4. Verify update with 'php -v'.

🔧 Temporary Workarounds

Path Length Restriction (all platforms)

Implement input validation to reject paths approaching MAXPATHLEN limits.

Web Server Configuration (linux)

Configure web server to limit maximum request/URL length to prevent triggering conditions.

Apache: LimitRequestLine 4094
Nginx: client_max_body_size 1m; large_client_header_buffers 4 8k;

🧯 If You Can't Patch

  • Implement strict input validation for all path inputs to ensure they don't approach MAXPATHLEN limits.
  • Deploy WAF rules to block requests with unusually long paths or URL parameters.

🔍 How to Verify

Check if Vulnerable:

Run 'php -v' and check if version is in affected range: 8.0.0-8.0.27, 8.1.0-8.1.15, or 8.2.0-8.2.2.

Check Version:

php -v | head -1

Verify Fix Applied:

Run 'php -v' and confirm version is 8.0.28+, 8.1.16+, or 8.2.3+.
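
The range check above as a small script, added here as an example (it is not from the PHP project or the vendor advisory). The function names are illustrative; the per-branch thresholds are the fixed versions listed on this page.

```shell
#!/bin/sh
# Added example: classify a PHP version string against the ranges on this page.
# First fixed patch release per branch (from the page): 8.0.28, 8.1.16, 8.2.3.

# cve_2023_0568_status VERSION
# Prints one of: vulnerable | patched | not-listed | unparseable
cve_2023_0568_status() {
    # Keep only the leading MAJOR.MINOR.PATCH; drop packaging suffixes
    # such as "-1ubuntu2.14".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || { echo unparseable; return 0; }
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    case "$major.$minor" in
        8.0) fixed=28 ;;
        8.1) fixed=16 ;;
        8.2) fixed=3 ;;
        *)   echo not-listed; return 0 ;;   # branch not covered by this page
    esac
    if [ "$patch" -lt "$fixed" ]; then echo vulnerable; else echo patched; fi
}

# Pull the version token out of the first line of `php -v` output,
# e.g. "PHP 8.1.15 (cli) (built: ...)" -> "8.1.15".
php_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/^PHP \([^ ]*\).*/\1/p'
}

# If php is on PATH, report the status of the local interpreter.
if command -v php >/dev/null 2>&1; then
    banner=$(php -v 2>/dev/null | head -1)
    v=$(php_version_from_banner "$banner")
    echo "php $v: $(cve_2023_0568_status "$v")"
fi
```

Distribution packages can carry backported fixes without changing the upstream version number, so a "vulnerable" result for a distro build should be confirmed against that distribution's security advisory.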

📡 Detection & Monitoring

Log Indicators:

  • Web server logs showing requests with unusually long paths or URLs
  • PHP error logs containing memory corruption or segmentation fault errors

Network Indicators:

  • HTTP requests with path lengths approaching system MAXPATHLEN (typically 4096 bytes)

SIEM Query:

source="web_server_logs" AND (uri_length>4000 OR referer_length>4000)
