Lucene search
K

14 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2023-3824

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP version 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length...

9.8CVSS7.7AI score0.08003EPSS
Exploits3References2
OSV
OSV
added 2025/08/11 1:53 p.m.7 views

BIT-LIBPHP-2023-3824 Buffer overflow and overread in phar_dir_read()

In PHP version 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE...

9.8CVSS9.1AI score0.08003EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2024/12/11 4:20 p.m.5 views

php: phar Buffer mismanagement

A flaw was found in PHP that can lead to a buffer overflow and a stack information leak due to improper bounds checking within the phardirread function. This issue may allow an attacker to initiate memory corruption by compelling the application to open a specially crafted .phar archive, allowing...

9.8CVSS6AI score0.08003EPSS
Exploits3References7
OSV
OSV
added 2024/01/31 11:22 a.m.9 views

CLSA-2024-1706700142 php: Fix of 8 CVEs

CVE-2021-21702: Fix null pointer crash because of malformed SOAP server response - CVE-2021-21703: Fix error in php fpm shared memory organization leading to privilage escalation - CVE-2022-31625: Fix freeing of uninitialized memory leading to RCE - CVE-2022-31626: Fix buffer overflow in mysqlnd...

9.8CVSS7.2AI score0.5838EPSS
Exploits9References1
RedHat Linux
RedHat Linux
added 2024/01/24 9:59 a.m.2 views

php: phar Buffer mismanagement

A flaw was found in PHP that can lead to a buffer overflow and a stack information leak due to improper bounds checking within the phardirread function. This issue may allow an attacker to initiate memory corruption by compelling the application to open a specially crafted .phar archive, allowing...

9.8CVSS7.5AI score0.08003EPSS
Exploits3References7
BDU FSTEC
BDU FSTEC
added 2023/10/13 12:0 a.m.6 views

The vulnerability of the phar_dir_read() function in the PHP interpreter allows a hacker to execute arbitrary code.

The vulnerability of the phardirread function in the PHP interpreter arises due to an overflow in the stack buffer. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS7.6AI score0.08003EPSS
Exploits3References10Affected Software6
Amazon
Amazon
added 2023/09/13 12:0 a.m.7 views

Important: php

Issue Overview: GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29 NOTE: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw NOTE:...

9.8CVSS7.1AI score0.08003EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2023/09/01 12:0 a.m.29 views

SUSE SLES15: apache2-mod_php7 / php7 / php7-bcmath / php7-bz2 / php7-calendar / etc (SUSE-SU-2023:3498-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3498-1 advisory. - CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. bsc1214106 - CVE-2023-3824:...

9.8CVSS7.4AI score0.08003EPSS
Exploits4References7
OSV
OSV
added 2023/08/23 7:4 p.m.5 views

CLSA-2023-1692817457 Fix CVE(s): CVE-2023-3823, CVE-2023-3824

SECURITY UPDATE: external entity loading in XML without enabling it - debian/patches/CVE-2023-3823.patch: sanitize libxml2 globals before parsing. - CVE-2023-3823 SECURITY UPDATE: buffer mismanagement in phardirread - debian/patches/php-upstream-CVE-2023-3824.patch: fix buffer mismanagement in...

9.8CVSS7.1AI score0.08003EPSS
Exploits4References1
OSV
OSV
added 2023/08/23 7:1 p.m.4 views

CLSA-2023-1692817288 Fix CVE(s): CVE-2023-3824, CVE-2023-3823

SECURITY UPDATE: external entity loading in XML without enabling it - debian/patches/php-7.1-CVE-2023-3823.patch: sanitize libxml2 globals before parsing. - CVE-2023-3823 SECURITY UPDATE: buffer mismanagement in phardirread - debian/patches/php-upstream-CVE-2023-3824.patch: fix buffer mismanageme...

9.8CVSS7AI score0.08003EPSS
Exploits4References1
Microsoft CVE
Microsoft CVE
added 2023/08/22 7:0 a.m.4 views

Buffer overflow and overread in phar_dir_read()

...

9.8CVSS7.8AI score0.08003EPSS
Exploits3
OSV
OSV
added 2023/08/21 3:39 p.m.7 views

CLSA-2023-1692632368 php: Fix of 2 CVEs

CVE-2023-3823: Fix external entity loading in XML without enabling by sanitizing libxml2 globals before parsing - CVE-2023-3824: Fix buffer mismanagement in phardirread...

9.8CVSS6.3AI score0.08003EPSS
Exploits4References1
OSV
OSV
added 2023/08/21 3:28 p.m.8 views

CLSA-2023-1692631677 php: Fix of 2 CVEs

CVE-2023-3823: Fix external entity loading in XML without enabling by sanitizing libxml2 globals before parsing - CVE-2023-3824: Fix buffer mismanagement in phardirread...

9.8CVSS7.1AI score0.08003EPSS
Exploits4References1
OSV
OSV
added 2023/08/11 6:15 a.m.6 views

AZL-63070 CVE-2023-3824 affecting package php for versions less than 8.2.8-1

In PHP version 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE...

9.8CVSS7.1AI score0.08003EPSS
Exploits3References1
Rows per page
Query Builder