CVE-2023-3247

In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

History

01 Aug 2023, 16:38

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
CWE		CWE-330
References	~~(MISC) https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw -~~	(MISC) https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw - Patch, Vendor Advisory
CPE		cpe:2.3:a:php:php::::::::

22 Jul 2023, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-07-22 05:15

Updated : 2024-02-05 00:01

NVD link : CVE-2023-3247

Mitre link : CVE-2023-3247

CVE.ORG link : CVE-2023-3247

JSON object : View

Products Affected

php

php

CWE

CWE-330

Use of Insufficiently Random Values

CWE-252

Unchecked Return Value

{"id": "CVE-2023-3247", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@php.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.6, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2023-07-22T05:15:37.460", "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw", "tags": ["Patch", "Vendor Advisory"], "source": "security@php.net"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-330"}]}, {"type": "Secondary", "source": "security@php.net", "description": [{"lang": "en", "value": "CWE-252"}, {"lang": "en", "value": "CWE-330"}]}], "descriptions": [{"lang": "en", "value": "In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.\u00a0\n\n"}], "lastModified": "2023-08-01T16:38:09.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74F672AC-6864-41C5-9832-490C33F39D12", "versionEndExcluding": "8.0.29", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30B3A139-7917-46D1-8747-FAEBED4B5EF0", "versionEndExcluding": "8.1.20", "versionStartIncluding": "8.1.0"}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1A67DFA-5A0F-4E08-B7C7-DB21C1675A1A", "versionEndExcluding": "8.2.7", "versionStartIncluding": "8.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@php.net"}