CVE-2023-3824
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Aug 11, 2023
Updated: Oct 27, 2023
CWE ID 119
Summary
CVE-2023-3824 is a vulnerability affecting PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8. During the loading process of a phar file, insufficient length checking can result in a stack buffer overflow. This issue may lead to memory corruption or even remote code execution (RCE). The vulnerability is located in the process of reading PHAR directory entries.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- PHP: Hypertext Preprocessor
- Debian
- Fedora Operating System
Affected Vendors
- Php
- Debian
- Fedora Project