CVE-2023-3824

Description

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a PHAR file, insufficient length checking while reading PHAR directory entries may lead to a stack buffer overflow, potentially leading to memory corruption or RCE.

NVD
Severity: CRITICAL
CVE ID: CVE-2023-3824
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

PHP Group
Severity: CRITICAL
CVE ID: CVE-2023-3824
CVSS Score: 9.4
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Reference: NVD, MITRE

Proof Of Concept

StayBeautiful-collab

Reference: GitHub

jhonnybonny

A vulnerability in PHP Phar files, due to buffer overflow, arises from insufficient length checks on file names within the Phar archive. Malicious actors can craft Phar files with long file names, leading to buffer overflow and potential execution of malicious code or data leakage. This vulnerability can be exploited for code execution (CVE-2023-3824).

Reference: GitHub