CVE
CVE-2023-0568
| CVE ID |
CVE-2023-0568
|
|---|---|
| CVSS Score |
8.1
|
| Operating System | |
| Affected Versions | |
| Patched Versions |
php-5.4.16-48_ol003.el7
|
| Patch Date |
|
| Last Updated Date | |
| Vector String |
Additional Information
OL CVE Issue Summary:
The below paths, all follow the same code pattern:
```
main/fopen_wrappers.c:php_check_specific_open_basedir()ext/xmlreader/php_xmlreader.c:PHP_METHOD(xmlreader, XML)
ext/dom/document.c:dom_document_parser()
```
These arrays can have at most `MAXPATHLEN` characters, including the NULL char. So the `strlen()` can be at most `MAXPATHLEN-1`. If it does not end in a slash,
and a slash must be appended, a write of the NULL char to index `MAXPATHLEN` will occur, overrunning the array.