Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-0567HistoryMar 01, 2023 - 8:15 a.m.
CVE-2023-0567
2023-03-0108:15:11
Debian Security Bug Tracker
security-tracker.debian.org
93
php
password_verify
vulnerability
blowfish
hashes
database
unix
CVSS3
7.7
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
6.9
Confidence
High
EPSS
0.001
Percentile
24.9%
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | php7.4 | < 7.4.33-1+deb11u3 | php7.4_7.4.33-1+deb11u3_all.deb |
| Debian | 12 | all | php8.2 | < 8.2.4-1 | php8.2_8.2.4-1_all.deb |
| Debian | 999 | all | php8.2 | < 8.2.4-1 | php8.2_8.2.4-1_all.deb |
| Debian | 13 | all | php8.2 | < 8.2.4-1 | php8.2_8.2.4-1_all.deb |
Related
vulnrichment
vulnrichment
CVE-2023-0567 password_verify() always returns true for some invalid hashes
2023-02-16 06:15:50
ubuntucve
ubuntucve
CVE-2023-0567
2023-02-15 00:00:00
veracode
veracode
Authentication Bypass
2023-02-17 10:36:14
nvd
nvd
CVE-2023-0567
2023-03-01 08:15:11
alpinelinux
alpinelinux
CVE-2023-0567
2023-03-01 08:15:11
osv
osv
BIT-php-2023-0567
2024-03-06 11:02:12
php7.0 vulnerability
2023-05-02 10:07:08
CVE-2023-0567
2023-03-01 08:15:11
cve
cve
CVE-2023-0567
2023-03-01 08:15:11
nessus
nessus
CBL Mariner 2.0 Security Update: php (CVE-2023-0567)
2023-03-20 00:00:00
Ubuntu 16.04 ESM : PHP vulnerability (USN-6053-1)
2023-05-02 00:00:00
PHP 8.1.x < 8.1.16 Multiple Vulnerabilities
2023-02-15 00:00:00
prion
prion
Default credentials
2023-03-01 08:15:00
redhatcve
redhatcve
CVE-2023-0567
2023-02-17 12:00:22
cbl_mariner
cbl_mariner
CVE-2023-0567 affecting package php for versions less than 8.1.16-1
2023-03-09 00:25:04
cvelist
cvelist
CVE-2023-0567 password_verify() always returns true for some invalid hashes
2023-02-16 06:15:50
ubuntu
ubuntu
PHP vulnerability
2023-05-02 00:00:00
PHP vulnerabilities
2023-02-28 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6053-1)
2023-05-03 00:00:00
PHP < 8.0.28, 8.1.x < 8.1.16, 8.2.x < 8.2.3 Security Update - Linux
2023-02-15 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0514-1)
2023-03-28 00:00:00
mageia
mageia
Updated php packages fix security vulnerability
2023-02-27 23:27:16
cloudlinux
cloudlinux
php: Fix of 3 CVEs
2023-03-09 21:01:01
altlinux
altlinux
Security fix for the ALT Linux 10 package php8.2 version 8.2.3-alt1
2023-02-21 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 8.1.16-alt1
2023-02-17 00:00:00
Security fix for the ALT Linux 10 package php8.0 version 8.0.28-alt1
2023-02-21 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: php-8.1.16-1.fc36
2023-02-24 03:47:37
[SECURITY] Fedora 37 Update: php-8.1.16-1.fc37
2023-02-24 04:47:32
slackware
slackware
[slackware-security] php
2023-02-15 03:06:12
debian
debian
[SECURITY] [DLA 3345-1] php7.3 security update
2023-02-26 22:00:18
[SECURITY] [DSA 5363-1] php7.4 security update
2023-02-24 19:21:10
rocky
rocky
php:8.0 security update
2023-10-24 18:35:47
php:8.1 security update
2024-02-12 20:17:50
php security update
2023-10-24 18:36:55
almalinux
almalinux
Moderate: php:8.1 security update
2024-01-24 00:00:00
Important: php:8.0 security update
2023-10-19 00:00:00
Important: php security update
2023-10-19 00:00:00
redhat
redhat
(RHSA-2023:5927) Important: php:8.0 security update
2023-10-19 12:45:04
(RHSA-2023:5926) Important: php security update
2023-10-19 12:43:29
(RHSA-2024:0387) Moderate: php:8.1 security update
2024-01-24 09:41:37
oraclelinux
oraclelinux
php:8.0 security update
2023-10-23 00:00:00
php security update
2023-10-22 00:00:00
php:8.1 security update
2024-01-25 00:00:00
gentoo
gentoo
PHP: Multiple Vulnerabilities
2024-08-12 00:00:00
hp
hp
HP Device Manager Security Updates
2023-04-13 00:00:00
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
CVSS3
7.7
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
6.9
Confidence
High
EPSS
0.001
Percentile
24.9%
Related for DEBIANCVE:CVE-2023-0567