CVE-2023-0567

Updated: 2023-11-07 20:26:26.473084

Description:

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the password_verify() function may accept some invalid Blowfish hashes as valid. If such an invalid hash ever ends up in the password database, the application may accept any password as valid for that entry.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | MEDIUM | 6.2 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| EL 6 PHP | php | 5.3 | 6.2 | MEDIUM | Released | CLSA-2023:1680289050 | 2023-03-31 17:03:02 |
| EL 6 PHP | php | 7.3 | 6.2 | MEDIUM | Released | CLSA-2023:1680293384 | 2023-03-31 17:03:02 |
| EL 6 PHP | php | 5.5 | 6.2 | MEDIUM | Released | CLSA-2023:1680290281 | 2023-03-31 17:02:59 |
| EL 6 PHP | php | 7.1 | 6.2 | MEDIUM | Released | CLSA-2023:1680292142 | 2023-03-31 17:03:02 |
| EL 6 PHP | php | 7.0 | 6.2 | MEDIUM | Released | CLSA-2023:1680291553 | 2023-03-31 17:03:02 |
| EL 6 PHP | php | 7.4 | 6.2 | MEDIUM | Released | CLSA-2023:1680293974 | 2023-03-31 17:03:00 |
| EL 6 PHP | php | 5.4 | 6.2 | MEDIUM | Released | CLSA-2023:1680289635 | 2023-03-31 17:03:02 |
| EL 6 PHP | php | 5.6 | 6.2 | MEDIUM | Released | CLSA-2023:1680290916 | 2023-03-31 17:03:02 |
| EL 6 PHP | php | 7.2 | 6.2 | MEDIUM | Released | CLSA-2023:1680292775 | 2023-03-31 17:03:02 |
| EL 6 PHP | php | 8.2 | 6.2 | MEDIUM | Not Vulnerable | | 2023-03-22 14:02:31 |
Total: 86

Statement

Will not fix: low score