CVE-2015-9253
Description
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
2.996
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| HTML-embedded scripting language interpreter (USN-3766-1) php5-cgi_5.5.9+dfsg-1ubuntu4.26_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3766-1) php5-cgi_5.5.9+dfsg-1ubuntu4.26_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3766-1) php5-cli_5.5.9+dfsg-1ubuntu4.26_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3766-1) php5-cli_5.5.9+dfsg-1ubuntu4.26_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3766-1) php5-fpm_5.5.9+dfsg-1ubuntu4.26_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3766-1) php5-fpm_5.5.9+dfsg-1ubuntu4.26_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3766-1) libapache2-mod-php5_5.5.9+dfsg-1ubuntu4.26_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3766-1) libapache2-mod-php5_5.5.9+dfsg-1ubuntu4.26_amd64.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) php7.0-cgi_7.0.33-0ubuntu0.16.04.11_i386.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) php7.0-cgi_7.0.33-0ubuntu0.16.04.11_amd64.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) php7.0-cli_7.0.33-0ubuntu0.16.04.11_i386.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) php7.0-cli_7.0.33-0ubuntu0.16.04.11_amd64.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) php7.0-fpm_7.0.33-0ubuntu0.16.04.11_i386.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) php7.0-fpm_7.0.33-0ubuntu0.16.04.11_amd64.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) php7.2-cgi_7.2.24-0ubuntu0.18.04.3_i386.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) php7.2-cgi_7.2.24-0ubuntu0.18.04.3_amd64.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) php7.2-cli_7.2.24-0ubuntu0.18.04.3_i386.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) php7.2-cli_7.2.24-0ubuntu0.18.04.3_amd64.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) php7.2-fpm_7.2.24-0ubuntu0.18.04.3_i386.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) php7.2-fpm_7.2.24-0ubuntu0.18.04.3_amd64.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) php7.3-cgi_7.3.11-0ubuntu0.19.10.3_i386.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) php7.3-cgi_7.3.11-0ubuntu0.19.10.3_amd64.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) php7.3-cli_7.3.11-0ubuntu0.19.10.3_i386.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) php7.3-cli_7.3.11-0ubuntu0.19.10.3_amd64.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) php7.3-fpm_7.3.11-0ubuntu0.19.10.3_i386.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) php7.3-fpm_7.3.11-0ubuntu0.19.10.3_amd64.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) libapache2-mod-php7.0_7.0.33-0ubuntu0.16.04.11_i386.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) libapache2-mod-php7.0_7.0.33-0ubuntu0.16.04.11_amd64.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) libapache2-mod-php7.2_7.2.24-0ubuntu0.18.04.3_i386.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) libapache2-mod-php7.2_7.2.24-0ubuntu0.18.04.3_amd64.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) libapache2-mod-php7.3_7.3.11-0ubuntu0.19.10.3_i386.deb | Linux |
| server-side, HTML-embedded scripting language (metapackage) (USN-4279-1) libapache2-mod-php7.3_7.3.11-0ubuntu0.19.10.3_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-4279-2) php7.0-cgi_7.0.33-0ubuntu0.16.04.12_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-4279-2) php7.0-cgi_7.0.33-0ubuntu0.16.04.12_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-4279-2) php7.0-cli_7.0.33-0ubuntu0.16.04.12_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-4279-2) php7.0-cli_7.0.33-0ubuntu0.16.04.12_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-4279-2) php7.0-fpm_7.0.33-0ubuntu0.16.04.12_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-4279-2) php7.0-fpm_7.0.33-0ubuntu0.16.04.12_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-4279-2) libapache2-mod-php7.0_7.0.33-0ubuntu0.16.04.12_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-4279-2) libapache2-mod-php7.0_7.0.33-0ubuntu0.16.04.12_amd64.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234