CVE-2023-3824
Summary
| CVE | CVE-2023-3824 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-08-11 06:15:00 UTC |
|---|
| Updated | 2023-10-27 18:58:00 UTC |
|---|
| Description | In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| August 2023 PHP Vulnerabilities in NetApp Products | NetApp Product Security |
MISC |
security.netapp.com |
|
| [SECURITY] Fedora 38 Update: php-8.2.9-2.fc38 - package-announce - Fedora Mailing-Lists |
MISC |
lists.fedoraproject.org |
|
| Buffer overflow and overread in phar_dir_read() · Advisory · php/php-src · GitHub |
MISC |
github.com |
|
| [SECURITY] [DLA 3555-1] php7.3 security update |
MISC |
lists.debian.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 161008 Oracle Enterprise Linux Security Update for Hypertext Preprocessor (PHP) (ELSA-2023-5926)
- 161015 Oracle Enterprise Linux Security Update for php:8.0 (ELSA-2023-5927)
- 161313 Oracle Enterprise Linux Security Update for php:8.1 (ELSA-2024-0387)
- 199676 Ubuntu Security Notification for Hypertext Preprocessor (PHP) Vulnerabilities (USN-6305-1)
- 200142 Ubuntu Security Notification for Hypertext Preprocessor (PHP) Vulnerabilities (USN-6305-2)
- 242223 Red Hat Update for Hypertext Preprocessor (PHP) (RHSA-2023:5926)
- 242227 Red Hat Update for php:8.0 (RHSA-2023:5927)
- 242739 Red Hat Update for php:8.1 (RHSA-2024:0387)
- 284381 Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2023-c68f2227e6)
- 284393 Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2023-984c26961f)
- 356065 Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.2-2023-002
- 356069 Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.0-2023-009
- 356073 Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.1-2023-004
- 356078 Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.2-2023-002
- 356084 Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.1-2023-004
- 356089 Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.0-2023-009
- 38910 Hypertext Preprocessor (PHP) Multiple Vulnerabilities
- 503088 Alpine Linux Security Update for php81
- 503096 Alpine Linux Security Update for php8
- 503854 Alpine Linux Security Update for php81
- 6000162 Debian Security Update for php7.3 (DLA 3555-1)
- 6000571 Debian Security Update for php8.2 (DSA 5661-1)
- 673417 EulerOS Security Update for Hypertext Preprocessor (PHP) (EulerOS-SA-2023-3145)
- 907261 Common Base Linux Mariner (CBL-Mariner) Security Update for Hypertext Preprocessor (PHP) (27943-1)
- 941313 AlmaLinux Security Update for php:8.0 (ALSA-2023:5927)
- 941321 AlmaLinux Security Update for Hypertext Preprocessor (PHP) (ALSA-2023:5926)
- 941553 AlmaLinux Security Update for php:8.1 (ALSA-2024:0387)
- 961052 Rocky Linux Security Update for Hypertext Preprocessor (PHP) (RLSA-2023:5926)
- 961062 Rocky Linux Security Update for php:8.0 (RLSA-2023:5927)
- 961115 Rocky Linux Security Update for php:8.1 (RLSA-2024:0387)
