DoS vulnerability when parsing multipart request body
When parsing a multipart request body, depending on the number of parts and total size of the request body, PHP may fill all memory and/or available disk space, leading to a DoS vector. This vulnerability affects the mod_php and php-fpm SAPIs across all PHP versions.
We strongly recommend upgrading to a known patched version of PHP immediately.
If you cannot, you can mitigate this attack in a couple of ways:
memory_limit
php.ini
post_max_size
8M
upload_max_filesize
Additionally, both Apache HTTPD and nginx have configuration settings for rejecting requests that are larger than a configured size (for Apache HTTPD, this is the SecRequestBodyLimit setting via mod_security; for nginx, create a condition based on the $request_length variable).
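An added example, not part of the original advisory or Zend's own code: a Python check that reads php.ini text and reports when memory_limit, post_max_size or upload_max_filesize is missing, disabled or above a ceiling. The ceilings in MAX_BYTES, the function names and the sample file are assumptions constructed for this example.

```python
import re

# Assumed ceilings for this example; size them to the largest request the app needs.
MAX_BYTES = {"memory_limit": 256 << 20, "post_max_size": 8 << 20,
             "upload_max_filesize": 8 << 20}
# Documented values that switch a limit off entirely.
UNLIMITED = {"memory_limit": -1, "post_max_size": 0}

def to_bytes(value):
    """Convert PHP shorthand byte notation (512K, 128M, 1G, -1) to an integer."""
    m = re.fullmatch(r"(-?\d+)\s*([KMG]?)", value.strip().strip("\"'"), re.I)
    if not m:
        raise ValueError(f"unrecognised size: {value!r}")
    return int(m.group(1)) << {"": 0, "K": 10, "M": 20, "G": 30}[m.group(2).upper()]

def parse_ini(text):
    """Return the last assignment of each audited directive in php.ini text."""
    found = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0]              # drop ; comments
        key, sep, value = line.partition("=")
        if sep and key.strip() in MAX_BYTES:
            found[key.strip()] = to_bytes(value)
    return found

def audit(text):
    """List findings for missing, disabled or oversized request limits."""
    found, findings = parse_ini(text), []
    for name, ceiling in MAX_BYTES.items():
        if name not in found:
            findings.append(f"{name}: not set in this file")
        elif found[name] == UNLIMITED.get(name):
            findings.append(f"{name}: limit disabled")
        elif found[name] > ceiling:
            findings.append(f"{name}: {found[name]} bytes exceeds {ceiling}")
    post = found.get("post_max_size", 0)
    if post > 0 and found.get("upload_max_filesize", 0) > post:
        findings.append("upload_max_filesize is larger than post_max_size")
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE_INI = """[PHP]
memory_limit = -1        ; no cap
post_max_size = 1G
upload_max_filesize = 2M
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_INI)))
```

A directive reported as not set falls back to PHP's built-in default or to a value from another configuration file, so run the check against every file PHP loads.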
Direct link to CVE-2023-0662 >