VDB
BIT-libphp-2023-3824
PUBLISHED
CVSS 9.8 CRITICAL
Buffer overflow and overread in phar_dir_read()
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | libphp | 8.0.0, 8.1.0, 8.2.0 |
Exploit Intelligence
- Vulnerability in PHP Phar files, due to buffer overflow, arises from insufficient length checks on file names within the Phar archive. Malicious actors can craft Phar files with long file names, leading to buffer overflow and potential execution of malicious code or data leakage. This vulnerability can be exploited for code execution (CVE-2023-3824). (github-poc-repo, github-poc)
- poc-cve-2023-3824 (github-poc-repo, github-poc)
- dadosneurais/cve-2023-3824 (github-poc-repo, github-poc)
- cve_db.json (github-poc)
Timeline
- Aug 11, 2025 CVE Published
- Mar 16, 2026 CVE Updated
References
- https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv
- https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/
- https://nvd.nist.gov/vuln/detail/CVE-2023-3824
- https://security.netapp.com/advisory/ntap-20230825-0001/