It was discovered that PHP incorrectly handled certain XML files.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2023-3823)

It was discovered that PHP incorrectly handled certain PHAR files.
An attacker could possibly use this issue to cause a crash,
expose sensitive information or execute arbitrary code.
(CVE-2023-3824)

References

launchpad.net/bugs/2071768

ubuntu.com/security/notices/USN-6305-3

nessus 42

openvas 19

osv 15

mageia 1

ubuntu 3

fedora 2

cloudlinux 1

debian 3

redos 1

thn 2

nvd 2

githubexploit 4

hivepro 1

prion 2

cnvd 1

krebs 2

veracode 2

debiancve 2

alpinelinux 2

cvelist 2

ubuntucve 2

cbl_mariner 1

cve 2

redhatcve 2

redhat 3

rocky 3

oraclelinux 3

almalinux 3

gentoo 1

qualysblog 1

hp 1

oracle 2

nessus

Ubuntu 22.04 LTS / 23.04 : PHP vulnerabilities (USN-6305-1)

2023-08-23 00:00:00

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2023-324)

2023-09-08 00:00:00

Fedora 38 : php (2023-984c26961f)

2023-08-12 00:00:00

openvas

openSUSE: Security Advisory for php7 (SUSE-SU-2023:3541-1)

2024-03-04 00:00:00

openSUSE: Security Advisory for php7 (SUSE-SU-2023:3528-1)

2024-03-04 00:00:00

Ubuntu: Security Advisory (USN-6305-2)

2024-02-28 00:00:00

osv

php7.3 - security update

2023-09-05 00:00:00

php7.0, php7.2, php7.4 vulnerabilities

2024-02-27 10:17:32

php8.1 vulnerabilities

2023-08-23 16:40:19

mageia

Updated php packages fix security vulnerability

2023-08-23 22:56:41

ubuntu

PHP vulnerabilities

2024-02-27 00:00:00

PHP vulnerabilities

2023-08-23 00:00:00

PHP regression

2024-07-03 00:00:00

fedora

[SECURITY] Fedora 37 Update: php-8.1.22-1.fc37

2023-08-11 01:01:34

[SECURITY] Fedora 38 Update: php-8.2.9-2.fc38

2023-08-12 04:25:54

cloudlinux

php: Fix of 2 CVEs

2023-08-21 15:39:32

debian

[SECURITY] [DLA 3555-1] php7.3 security update

2023-09-05 21:01:39

[SECURITY] [DSA 5661-1] php8.2 security update

2024-04-15 19:27:08

[SECURITY] [DSA 5660-1] php7.4 security update

2024-04-15 19:25:52

redos

ROS-20240816-08

2024-08-16 00:00:00

thn

LockBit Ransomware Group Resurfaces After Law Enforcement Takedown

2024-02-26 04:57:00

LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid

2024-02-20 05:25:00

nvd

CVE-2023-3824

2023-08-11 06:15:10

CVE-2023-3823

2023-08-11 06:15:09

githubexploit

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Php

2024-03-09 08:23:09

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Php

2024-03-09 08:23:09

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Php

2024-07-19 02:37:36

hivepro

LockBit Takedown and Resurgence

2024-03-19 19:26:05

prion

Stack overflow

2023-08-11 06:15:00

Xxe

2023-08-11 06:15:00

cnvd

PHP buffer overflow vulnerability (CNVD-2023-64640)

2023-08-15 00:00:00

krebs

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

2024-02-20 17:09:00

FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga.

2024-02-26 02:17:55

veracode

Buffer Overflow

2023-08-06 12:58:00

XML External Entity (XXE)

2023-08-06 12:57:55

debiancve

CVE-2023-3824

2023-08-11 06:15:10

CVE-2023-3823

2023-08-11 06:15:09

alpinelinux

CVE-2023-3824

2023-08-11 06:15:10

CVE-2023-3823

2023-08-11 06:15:09

cvelist

CVE-2023-3824 Buffer overflow and overread in phar_dir_read()

2023-08-11 05:48:34

CVE-2023-3823 Security issue with external entity loading in XML without enabling it

2023-08-11 05:42:25

ubuntucve

CVE-2023-3824

2023-08-11 00:00:00

CVE-2023-3823

2023-08-11 00:00:00

cbl_mariner

CVE-2023-3824 affecting package php for versions less than 8.1.22-1

2023-09-13 02:10:38

cve

CVE-2023-3823

2023-08-11 06:15:09

CVE-2023-3824

2023-08-11 06:15:10

redhatcve

CVE-2023-3824

2023-08-22 17:49:49

CVE-2023-3823

2023-08-22 17:49:49

redhat

(RHSA-2024:0387) Moderate: php:8.1 security update

2024-01-24 09:41:37

(RHSA-2023:5926) Important: php security update

2023-10-19 12:43:29

(RHSA-2023:5927) Important: php:8.0 security update

2023-10-19 12:45:04

rocky

php security update

2023-10-24 18:36:55

php:8.1 security update

2024-02-12 20:17:50

php:8.0 security update

2023-10-24 18:35:47

oraclelinux

php security update

2023-10-22 00:00:00

php:8.0 security update

2023-10-23 00:00:00

php:8.1 security update

2024-01-25 00:00:00

almalinux

Important: php:8.0 security update

2023-10-19 00:00:00

Moderate: php:8.1 security update

2024-01-24 00:00:00

Important: php security update

2023-10-19 00:00:00

gentoo

PHP: Multiple Vulnerabilities

2024-08-12 00:00:00

qualysblog

Oracle Patch Tuesday, October 2023 Security Update Review

2023-10-18 17:11:20

HP Device Manager Security Updates

2023-10-20 00:00:00

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

Low

EPSS

0.001

Percentile

49.3%

JSON

Related for OSV:USN-6305-3