A flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | php72 | 2024-02-14 20:03 | ALAS-2024-1921 |
Amazon Linux 1 | php72 | 2020-02-04 22:42 | ALAS-2020-1339 |
Amazon Linux 1 | php73 | 2024-02-01 19:33 | ALAS-2024-1918 |
Amazon Linux 1 | php73 | 2020-02-04 22:42 | ALAS-2020-1339 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Amazon Linux | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
NVD | CVSSv3 | 3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |