CVE-2023-3247

In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

History

No history.

Information

Published : 2023-07-22 05:15

Updated : 2023-08-01 16:38

NVD link : CVE-2023-3247

Mitre link : CVE-2023-3247

CVE.ORG link : CVE-2023-3247

JSON object : View

Products Affected

php

php

CWE

CWE-330

Use of Insufficiently Random Values

CWE-252

Unchecked Return Value

{"id": "CVE-2023-3247", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@php.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.6, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2023-07-22T05:15:37.460", "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw", "tags": ["Patch", "Vendor Advisory"], "source": "security@php.net"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-330"}]}, {"type": "Secondary", "source": "security@php.net", "description": [{"lang": "en", "value": "CWE-252"}, {"lang": "en", "value": "CWE-330"}]}], "descriptions": [{"lang": "en", "value": "In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.\u00a0\n\n"}], "lastModified": "2023-08-01T16:38:09.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74F672AC-6864-41C5-9832-490C33F39D12", "versionEndExcluding": "8.0.29", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30B3A139-7917-46D1-8747-FAEBED4B5EF0", "versionEndExcluding": "8.1.20", "versionStartIncluding": "8.1.0"}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1A67DFA-5A0F-4E08-B7C7-DB21C1675A1A", "versionEndExcluding": "8.2.7", "versionStartIncluding": "8.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@php.net"}