Lucene search

CVE-2023-3824

🗓️ 11 Aug 2023 06:10:15Reported by phpType

cve🔗 web.nvd.nist.gov📰️ 22 Media mentions👁 719 Views🌐 WEB

PHP version 8.0.x/8.1.x/8.2.x stack buffer overflow in phar file loadin

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 140
NVD	CVE-2023-3824	11 Aug 202306:15	–	nvd
The Hacker News	LockBit Ransomware Group Resurfaces After Law Enforcement Takedown	26 Feb 202404:57	–	thn
The Hacker News	LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid	20 Feb 202405:25	–	thn
GithubExploit	Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Php	9 Mar 202408:23	–	githubexploit
GithubExploit	Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Php	8 Jan 202501:43	–	githubexploit
GithubExploit	Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Php	18 Mar 202402:19	–	githubexploit
GithubExploit	Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Php	10 Feb 202516:03	–	githubexploit
GithubExploit	Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Php	19 Jul 202402:37	–	githubexploit
GithubExploit	Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Php	9 Mar 202408:23	–	githubexploit
GithubExploit	Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Php	11 Oct 202410:53	–	githubexploit

Nvd

Node

php phpRange8.0.0–8.0.30

php phpRange8.1.0–8.1.22

php phpRange8.2.0–8.2.9

Node

fedoraproject fedoraMatch38

Node

debian debian_linuxMatch10.0

[
  {
    "defaultStatus": "affected",
    "product": "PHP",
    "vendor": "PHP Group",
    "versions": [
      {
        "lessThan": "8.0.30",
        "status": "affected",
        "version": "8.0.*",
        "versionType": "semver"
      },
      {
        "lessThan": "8.1.22",
        "status": "affected",
        "version": "8.1.*",
        "versionType": "semver"
      },
      {
        "lessThan": "8.2.8",
        "status": "affected",
        "version": "8.2.*",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/
lists	www.lists.debian.org/debian-lts-announce/2023/09/msg00002.html
github	www.github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv
security	www.security.netapp.com/advisory/ntap-20230825-0001/

Parameter	Position	Path	Description	CWE
remote_url	binary	/form-uploader.php	CVE-2023-3824 is a critical RCE vulnerability in PHP due to insufficient length checking when processing PHAR files, leading to stack buffer overflow.	CWE-119

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

11 Aug 2023 06:15Current

8.9High risk

Vulners AI Score8.9

CVSS39.4 - 9.8

EPSS0.16939

CWE-119