In PHP versionsĀ 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLsĀ (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.
Weakness
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Php | Php | 7.3.27 (including) | 7.3.33 (including) |
| Php | Php | 7.4.15 (including) | 7.4.33 (including) |
| Php | Php | 8.0.2 (including) | 8.0.30 (including) |
| Php | Php | 8.1.0 (including) | 8.1.29 (excluding) |
| Php | Php | 8.2.0 (including) | 8.2.20 (excluding) |
| Php | Php | 8.3.0 (including) | 8.3.8 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | php:8.2-8100020241112130045.f7998665 | * |
| Red Hat Enterprise Linux 8 | RedHat | php:7.4-8100020241113075828.f7998665 | * |
| Red Hat Enterprise Linux 9 | RedHat | php:8.2-9050020241112094217.9 | * |
| Red Hat Enterprise Linux 9 | RedHat | php:8.1-9050020241112144108.9 | * |
| Red Hat Enterprise Linux 9 | RedHat | php-0:8.0.30-2.el9 | * |
| Php5 | Ubuntu | trusty/esm | * |
| Php7.0 | Ubuntu | esm-infra/xenial | * |
| Php7.2 | Ubuntu | esm-infra/bionic | * |
| Php7.4 | Ubuntu | esm-infra/focal | * |
| Php7.4 | Ubuntu | focal | * |
| Php8.1 | Ubuntu | jammy | * |
| Php8.1 | Ubuntu | upstream | * |
| Php8.2 | Ubuntu | mantic | * |
| Php8.2 | Ubuntu | upstream | * |
| Php8.3 | Ubuntu | noble | * |
| Php8.3 | Ubuntu | oracular | * |
| Php8.3 | Ubuntu | upstream | * |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/111.html
- https://cwe.mitre.org/data/definitions/141.html
- https://cwe.mitre.org/data/definitions/142.html
- https://cwe.mitre.org/data/definitions/148.html
- https://cwe.mitre.org/data/definitions/218.html
- https://cwe.mitre.org/data/definitions/384.html
- https://cwe.mitre.org/data/definitions/385.html
- https://cwe.mitre.org/data/definitions/386.html
- https://cwe.mitre.org/data/definitions/387.html
- https://cwe.mitre.org/data/definitions/388.html
- https://cwe.mitre.org/data/definitions/665.html
- https://cwe.mitre.org/data/definitions/701.html
References
- http://www.openwall.com/lists/oss-security/2024/06/07/1
- https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w
- https://lists.debian.org/debian-lts-announce/2024/06/msg00009.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
- https://security.netapp.com/advisory/ntap-20240726-0001/
- http://www.openwall.com/lists/oss-security/2024/06/07/1
- https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w
- https://lists.debian.org/debian-lts-announce/2024/06/msg00009.html
- https://lists.debian.org/debian-lts-announce/2024/10/msg00011.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
- https://security.netapp.com/advisory/ntap-20240726-0001/