CVE-2023-3824
Buffer overflow and overread in phar_dir_read()
Public Exploits: 4
Exploited in Wild: -
Descriptions
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a phar file, insufficient length checking while reading PHAR directory entries may lead to a stack buffer overflow, potentially leading to memory corruption or RCE.
A flaw was found in PHP that can lead to a buffer overflow and a stack information leak due to improper bounds checking within the phar_dir_read() function. This issue may allow an attacker to initiate memory corruption by compelling the application to open a specially crafted .phar archive, allowing the attacker to corrupt memory or cause a denial of service condition.
SSVC
- Decision: -
Timeline
- 2023-07-21 CVE Reserved
- 2023-08-11 CVE Published
- 2024-03-10 First Exploit
- 2024-08-02 CVE Updated
- 2024-10-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
- CAPEC-100: Overflow Buffers
References (9)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html | Mailing List | |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA | Mailing List | |
https://security.netapp.com/advisory/ntap-20230825-0001 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/jhonnybonny/CVE-2023-3824 | 2024-03-18 | |
https://github.com/m1sn0w/CVE-2023-3824 | 2024-07-19 | |
https://github.com/Starla2u/CVE-2023-3824-PHP-to-RCE-LockBit-LEAK | 2024-03-10 | |
https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv | 2024-08-02 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-3824 | 2024-01-24 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2230101 | 2024-01-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Php | Php | >= 8.0.0 < 8.0.30 | - | Affected |
Php | Php | >= 8.1.0 < 8.1.22 | - | Affected |
Php | Php | >= 8.2.0 < 8.2.9 | - | Affected |
Fedoraproject | Fedora | 38 | - | Affected |
Debian | Debian Linux | 10.0 | - | Affected |