First published: Thu Jun 08 2023(Updated: )
Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (CVE-2023-3247)
Credit: security@php.net security@php.net security@php.net
Affected Software | Affected Version | How to fix |
---|---|---|
PHP PHP | >=8.0.0<8.0.29 | |
PHP PHP | >=8.1.0<8.1.20 | |
PHP PHP | >=8.2.0<8.2.7 | |
PHP PHP | <8.0.29 | 8.0.29 |
ubuntu/php7.4 | <7.4.3-4ubuntu2.19 | 7.4.3-4ubuntu2.19 |
ubuntu/php8.1 | <8.1.2-1ubuntu2.13 | 8.1.2-1ubuntu2.13 |
ubuntu/php8.1 | <8.1.7-1ubuntu3.5 | 8.1.7-1ubuntu3.5 |
ubuntu/php8.1 | <8.1.12-1ubuntu4.2 | 8.1.12-1ubuntu4.2 |
ubuntu/php8.1 | <8.1.20 | 8.1.20 |
ubuntu/php8.2 | <8.2.7-1 | 8.2.7-1 |
ubuntu/php7.0 | <7.0.33-0ubuntu0.16.04.16+ | 7.0.33-0ubuntu0.16.04.16+ |
ubuntu/php7.2 | <7.2.24-0ubuntu0.18.04.17+ | 7.2.24-0ubuntu0.18.04.17+ |
redhat/php | <8.0.29 | 8.0.29 |
redhat/php | <8.1.20 | 8.1.20 |
redhat/php | <8.2.7 | 8.2.7 |
debian/php7.3 | <=7.3.31-1~deb10u1 | 7.3.31-1~deb10u5 |
debian/php7.4 | 7.4.33-1+deb11u4 | |
debian/php8.2 | 8.2.7-1~deb12u1 8.2.12-1 8.2.16-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this bug is CVE-2023-3247.
The title of this bug is 'Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest auth…'.
PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, and 8.2.* before 8.2.7 are affected by this vulnerability.
The severity of this vulnerability is medium with a CVSS score of 4.3.
To fix this vulnerability, upgrade PHP to version 8.1.20 or apply the necessary patches.