CVE-2023-3247

In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.

CVSS v3 2.6 LOW

2.6^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw	Patch Vendor Advisory
https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

History

21 Nov 2024, 08:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : 2.6
References	~~() https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw - Patch, Vendor Advisory~~	() https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw - Patch, Vendor Advisory

01 Aug 2023, 16:38

Type	Values Removed	Values Added
First Time		Php php Php
References	~~(MISC) https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw -~~	(MISC) https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw - Patch, Vendor Advisory
CPE		cpe:2.3:a:php:php::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
CWE		CWE-330

22 Jul 2023, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-07-22 05:15

Updated : 2024-11-21 08:16

NVD link : CVE-2023-3247

Mitre link : CVE-2023-3247

CVE.ORG link : CVE-2023-3247

JSON object : View

Products Affected

php

php

CWE

CWE-252

Unchecked Return Value

CWE-330

Use of Insufficiently Random Values

{"id": "CVE-2023-3247", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@php.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.6, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-07-22T05:15:37.460", "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw", "tags": ["Patch", "Vendor Advisory"], "source": "security@php.net"}, {"url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@php.net", "description": [{"lang": "en", "value": "CWE-252"}, {"lang": "en", "value": "CWE-330"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-330"}]}], "descriptions": [{"lang": "en", "value": "In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.\u00a0\n\n"}], "lastModified": "2024-11-21T08:16:47.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74F672AC-6864-41C5-9832-490C33F39D12", "versionEndExcluding": "8.0.29", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30B3A139-7917-46D1-8747-FAEBED4B5EF0", "versionEndExcluding": "8.1.20", "versionStartIncluding": "8.1.0"}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1A67DFA-5A0F-4E08-B7C7-DB21C1675A1A", "versionEndExcluding": "8.2.7", "versionStartIncluding": "8.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@php.net"}