Home > Vulnerability Database > CVE-2023-3247

Mend.io Vulnerability Database

CVE-2023-3247

Date: July 21, 2023

In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.

Language: C

Severity Score

2.6

Related Resources (6)

Url: https://security-tracker.debian.org/tracker/CVE-2023-3247

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-3247

Url: https://access.redhat.com/security/cve/CVE-2023-3247

Url: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw

Url: https://github.com/php/php-src/commit/ac4254ad764c70cb1f05c9270d8d12689fc3aeb6

Url: https://www.mend.io/vulnerability-database/CVE-2023-3247

Severity Score

2.6

Weakness Type (CWE)

Use of Insufficiently Random Values

CWE-330

Unchecked Return Value

CWE-252

CVSS v3.1

Base Score:	2.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-3247

Date: July 21, 2023

Language: C

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?