Security Advisory Description
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)
Impact
This vulnerability allows authenticated attackers to consume a large amount of CPU time and trigger excessive logging, which can lead to a degradation of service or a denial-of-service (DoS) on the BIG-IP system. It impacts mostly the control plane, as PHP is used in the Configuration utility for POST uploads such as upgrading iApps, uploading iRules, and uploading UCS archives.