CVE-2023-3824
Buffer overflow and overread in phar_dir_read()
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Affected products
PHP Group · PHPpublic PoCs found — 3
githubgithub.com/jhonnybonny/CVE-2023-3824★ 3githubgithub.com/dadosneurais/cve-2023-3824★ 0githubgithub.com/bluefish3r/poc-cve★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhvhttps://lists.debian.org/debian-lts-announce/2023/09/msg00002.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/https://security.netapp.com/advisory/ntap-20230825-0001/