CVE-2023-0567

Updated: 2023-03-13 05:03:38.041053

Description:

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the password_verify() function may accept some invalid Blowfish hashes as valid. If such an invalid hash ever ends up in the password database, the application may accept any password as valid for that entry.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | MEDIUM | 6.2 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | php | 5.3.3 | 6.2 | MEDIUM | Released | CLSA-2023:1678395661 | 2023-03-20 14:05:03 |
| CentOS 8.4 ELS | php | 7.4.6 | 6.2 | MEDIUM | Released | CLSA-2023:1679350071 | 2023-03-20 21:14:31 |
| CentOS 8.5 ELS | php | 7.4.19 | 6.2 | MEDIUM | Released | CLSA-2023:1679350425 | 2023-03-20 21:14:31 |
| CloudLinux 6 ELS | php | 5.3.3 | 6.2 | MEDIUM | Released | CLSA-2023:1678395833 | 2023-03-20 17:04:57 |
| Oracle Linux 6 ELS | php | 5.3.3 | 6.2 | MEDIUM | Released | CLSA-2023:1678396156 | 2023-03-09 20:03:01 |
| Ubuntu 16.04 ELS | php | 7.0.33 | 6.2 | MEDIUM | Released | CLSA-2023:1677784124 | 2023-03-02 16:04:10 |
| Ubuntu 18.04 ELS | php | 7.2.24-0 | 6.2 | MEDIUM | Ignored | | 2023-03-13 05:03:38 |

Statement

Will not fix: low score