CVE-2023-0568
Array overrun in common path resolve codeIn PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.
We have discovered 353,546 live websites that are affected by CVE-2023-0568.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Domains | 353,546 live websites (4.05% of PHP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 47 versions ( 8.59% of all versions) |
Common Weakness Enumeration
CWE-131 Incorrect Calculation of Buffer SizeDetails
- Published - Feb 16, 2023
- Updated - Feb 13, 2025
Credits
- Niels Dossche (finder)
CWE
CVE References
CWE References
CVE-2023-0568 usage by Country
 United States | 230,213 websites |
 France | 76,266 websites |
 Germany | 8,417 websites |
 Russia | 4,482 websites |
 Netherlands | 4,367 websites |
 Brazil | 3,384 websites |
 Poland | 2,441 websites |
 Spain | 2,192 websites |
 GB | 2,148 websites |
 Japan | 1,473 websites |
CVE-2023-0568 usage by TLD
| .com | 200,302 websites |
| .fr | 30,042 websites |
| .org | 25,153 websites |
| .net | 10,180 websites |
| .de | 6,614 websites |
| .ca | 6,298 websites |
| .co.uk | 5,786 websites |
| .nl | 5,423 websites |
| .ru | 5,016 websites |
| .be | 4,459 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-0568
Top websites that are affected by CVE-2023-0568. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | United States | *** | |
| ******.com | United States | *,*** | |
| ****.com |  China | *,*** | |
| ***************.org | United States | *,*** | |
| *********.com | United States | *,*** | |
| ******.org | United States | *,*** | |
| **********.edu | United States | *,*** | |
| ***************.com | United States | *,*** | |
| ***************.com |  Singapore | *,*** | |
| ***********.com | United States | *,*** |
FAQ
CVE-2023-0568 is Incorrect Calculation of Buffer Size in PHP
A total of 353,546 websites have been identified as vulnerable to CVE-2023-0568, discovered through global website indexing conducted by WebTechSurvey.
PHP is susceptible to CVE-2023-0568 vulnerability.
PHP versions before 8.2.3 are vulnerable to CVE-2023-0568.
Version 8.2.3 of PHP addresses the CVE-2023-0568 security vulnerability.