admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-3247.md

20 lines
1.2 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2023-3247](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3247)
![](https://img.shields.io/static/v1?label=Product&message=PHP&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=8.0.*%3C%208.0.29%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-252%20Unchecked%20Return%20Value&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-330%20Use%20of%20Insufficiently%20Random%20Values&color=brighgreen)
### Description
In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce. 
### POC
#### Reference
- https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw
Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00
- https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw
Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
#### Github
No PoCs found on GitHub currently.
Reference in New Issue Copy Permalink