CVE-2023-3824
Description
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
NVD
Severity: CRITICAL
CVE ID: CVE-2023-3824
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
PHP Group
Severity: CRITICAL
CVE ID: CVE-2023-3824
CVSS Score: 9.4
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Proof Of Concept
StayBeautiful-collab
Refrence: GitHub
jhonnybonny
Vulnerability in PHP Phar files, due to buffer overflow, arises from insufficient length checks on file names within the Phar archive. Malicious actors can craft Phar files with long file names, leading to buffer overflow and potential execution of malicious code or data leakage. This vulnerability can be exploited for code execution CVE-2023-3824
Refrence: GitHub