ALAS2-2025-2832
PUBLISHED
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | php | |
Exploit Intelligence
- Vulnerability in PHP Phar files, due to buffer overflow, arises from insufficient length checks on file names within the Phar archive. Malicious actors can craft Phar files with long file names, leading to buffer overflow and potential execution of malicious code or data leakage. This vulnerability can be exploited for code execution. CVE-2023-3824 (github-poc-repo)
- poc-cve-2023-3824 (github-poc-repo)
- dadosneurais/cve-2023-3824 (github-poc-repo)
- dadosneurais/cve-2023-3824 (github-poc)
- poc-cve-2023-3824 (github-poc)
- Vulnerability in PHP Phar files, due to buffer overflow, arises from insufficient length checks on file names within the Phar archive. Malicious actors can craft Phar files with long file names, leading to buffer overflow and potential execution of malicious code or data leakage. This vulnerability can be exploited for code execution. CVE-2023-3824 (github-poc)
- An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read. (github-poc)
- Heap-buffer-overflow in Oniguruma (function gb18030_mbc_enc_len) (github-poc)
- index.html (github-poc)
- index.php (github-poc)
…and 2 more exploits
Timeline
- Apr 16, 2025 CVE Published
References
- ALAS2-2025-2832: php (important) advisory