CVE-2023-3824
Buffer overflow and overread in phar_dir_read()
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Productos afectados
PHP Group · PHPPoCs públicas encontradas — 3
githubgithub.com/jhonnybonny/CVE-2023-3824★ 3githubgithub.com/dadosneurais/cve-2023-3824★ 0githubgithub.com/bluefish3r/poc-cve★ 0⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhvhttps://lists.debian.org/debian-lts-announce/2023/09/msg00002.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/https://security.netapp.com/advisory/ntap-20230825-0001/