phpXXE漏洞(CVE-2023-3823)

admin

0
文章

0
评论

2023-11-29 22:32:10 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

中危 phpXXE漏洞(CVE-2023-3823)

CVE编号

CVE-2023-3823

利用情况

暂无

补丁情况

官方补丁

披露时间

2023-07-21

漏洞描述

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.

解决建议

"将组件 php 升级至 8.0.30 及以上版本""将组件 php 升级至 8.2.8 及以上版本""将组件 php 升级至 8.1.22 及以上版本"

参考链接
https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr
https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html
https://lists.fedoraproject.org/archives/list/[email protected]...
https://security.netapp.com/advisory/ntap-20230825-0001/

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	php	php	*	From (including) 8.0.0	Up to (excluding) 8.0.30
	运行在以下环境
	应用	php	php	*	From (including) 8.1.0	Up to (excluding) 8.1.22
	运行在以下环境
	应用	php	php	*	From (including) 8.2.0	Up to (excluding) 8.2.8
	运行在以下环境
	系统	alpine_3.16	php8	*		Up to (excluding) 8.1.22-r0
	运行在以下环境
	系统	alpine_3.17	php81	*		Up to (excluding) 8.1.22-r0
	运行在以下环境
	系统	amazon_2	php	*		Up to (excluding) 8.0.30-1.amzn2
	运行在以下环境
	系统	amazon_2023	php8.1	*		Up to (excluding) 8.2.9-1.amzn2023.0.2
	运行在以下环境
	系统	anolis_os_23	php-soap	*		Up to (excluding) 8.2.10-1
	运行在以下环境
	系统	anolis_os_8	php-mbstring	*		Up to (excluding) 8.0.30-1.0.1
	运行在以下环境
	系统	debian_10	php7.3	*		Up to (excluding) 7.3.31-1~deb10u5
	运行在以下环境
	系统	debian_11	php7.4	*		Up to (including) 7.4.33-1+deb11u4
	运行在以下环境
	系统	debian_12	php8.2	*		Up to (including) 8.2.7-1~deb12u1
	运行在以下环境
	系统	debian_sid	php8.2	*		Up to (excluding) 8.2.10-1
	运行在以下环境
	系统	fedora_37	php-cli-debuginfo	*		Up to (excluding) 8.1.22-1.fc37
	运行在以下环境
	系统	fedora_38	php-cli-debuginfo	*		Up to (excluding) 8.2.9-1.fc38
	运行在以下环境
	系统	kylinos_aarch64_V10	php	*		Up to (excluding) 7.2.34-3.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10HPC	php	*		Up to (excluding) 8.0.30-1.ky10h
	运行在以下环境
	系统	kylinos_aarch64_V10SP1	php	*		Up to (excluding) 7.2.34-3.p01.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP2	php	*		Up to (excluding) 7.2.34-3.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP3	php	*		Up to (excluding) 7.2.34-3.ky10
	运行在以下环境
	系统	kylinos_loongarch64_V10SP1	php	*		Up to (excluding) 7.2.34-3.p01.a.ky10
	运行在以下环境
	系统	kylinos_loongarch64_V10SP3	php	*		Up to (excluding) 7.2.34-3.p02.a.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10	php	*		Up to (excluding) 7.2.34-3.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10HPC	php	*		Up to (excluding) 8.0.30-1.ky10h
	运行在以下环境
	系统	kylinos_x86_64_V10SP1	php	*		Up to (excluding) 7.2.34-3.p01.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP2	php	*		Up to (excluding) 7.2.34-3.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP3	php	*		Up to (excluding) 7.2.34-3.ky10
	运行在以下环境
	系统	opensuse_Leap_15.4	php7-firebird	*		Up to (excluding) 7.4.33-150400.4.28.1
	运行在以下环境
	系统	opensuse_Leap_15.5	php8-mbstring	*		Up to (excluding) 7.4.33-150400.4.28.1
	运行在以下环境
	系统	oracle_8	oraclelinux-release	*		Up to (excluding) 8.0.30-1.module+el8.8.0+21196+6feda386
	运行在以下环境
	系统	oracle_9	oraclelinux-release	*		Up to (excluding) 8.0.30-1.el9_2
	运行在以下环境
系统	redhat_9	php-xml	*		Up to (excluding) 8.0.30-1.el9_2
运行在以下环境
系统	ubuntu_22.04	php8.1	*		Up to (excluding) 8.1.2-1ubuntu2.14
运行在以下环境
系统	unionos_e	php	*		Up to (excluding) php-8.0.30-1.uel20