CVE-2023-3824

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 11, 2023

Updated: Oct 27, 2023

CWE ID 119

Summary

CVE-2023-3824 is a vulnerability affecting PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8. During the loading process of a phar file, insufficient length checking can result in a stack buffer overflow. This issue may lead to memory corruption or even remote code execution (RCE). The vulnerability is located in the process of reading PHAR directory entries.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

PHP: Hypertext Preprocessor
Debian
Fedora Operating System

Affected Vendors

Php
Debian
Fedora Project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sEslaW
https://www.cve.org/CVERecord?id=CVE-2023-3824
https://nvd.nist.gov/vuln/detail/CVE-2023-3824

Back to Vulnerability Database