CVE-2023-3824

CVSS V2: None
CVSS V3: None
Description
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a PHAR file, insufficient length checking while reading PHAR directory entries may lead to a stack buffer overflow, potentially leading to memory corruption or RCE.
Overview
  • CVE ID: CVE-2023-3824
  • Assigner: security@php.net
  • Vulnerability Status: Modified
  • Published Version: 2023-08-11T06:15:10
  • Last Modified Date: 2023-09-05T23:15:07
CPE Configuration (Product)
CPE                                Vulnerable  Operator  Version Start  Version End
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*  1           OR        8.0.0          8.0.30
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*  1           OR        8.1.0          8.1.22
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*  1           OR        8.2.0          8.2.8
History
Created Old Value New Value Data Type Notes
2023-09-06 03:36:28 Added to TrackCVE
2023-09-06 03:36:31 Weakness Enumeration new