Vulnerability Description
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | >= 8.0.0, < 8.0.30 |
| Fedoraproject | Fedora | 38 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhvExploitThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/09/msg00002.htmlMailing List
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
- https://security.netapp.com/advisory/ntap-20230825-0001/Third Party Advisory
- https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhvExploitThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/09/msg00002.htmlMailing List
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
- https://security.netapp.com/advisory/ntap-20230825-0001/Third Party Advisory
FAQ
What is CVE-2023-3824?
CVE-2023-3824 is a vulnerability with a CVSS score of 9.4 (CRITICAL). In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer ...
How severe is CVE-2023-3824?
CVE-2023-3824 has been rated CRITICAL with a CVSS base score of 9.4/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-3824?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Fedoraproject Fedora, Debian Debian Linux.