VDB
DEBIAN-CVE-2023-3824
DEBIAN-CVE-2023-3824
PUBLISHED
CVSS 9.800000190734863 CRITICAL
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | php8.2 | 0, 8.2.10-1, 8.2.10-2 |
| Debian:11 | php7.4 | 7.4.21-1+deb11u1, 7.4.25-1+deb11u1, 7.4.26-1 |
Exploit Intelligence
- Vulnerability in PHP Phar files, due to buffer overflow, arises from insufficient length checks on file names within the Phar archive. Malicious actors can craft Phar files with long file names, leading to buffer overflow and potential execution of malicious code or data leakage. This vulnerability can be exploited for code execution CVE-2023-3824 (github-poc-repo)
- poc-cve-2023-3824 (github-poc-repo)
- dadosneurais/cve-2023-3824 (github-poc-repo)
- dadosneurais/cve-2023-3824 (github-poc)
- poc-cve-2023-3824 (github-poc)
- Vulnerability in PHP Phar files, due to buffer overflow, arises from insufficient length checks on file names within the Phar archive. Malicious actors can craft Phar files with long file names, leading to buffer overflow and potential execution of malicious code or data leakage. This vulnerability can be exploited for code execution CVE-2023-3824 (github-poc)
- cve_db.json (github-poc)
Timeline
- Aug 11, 2023 CVE Published
- Apr 28, 2026 CVE Updated