14 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-3824
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP version 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length...
BIT-LIBPHP-2023-3824 Buffer overflow and overread in phar_dir_read()
In PHP version 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE...
php: phar Buffer mismanagement
A flaw was found in PHP that can lead to a buffer overflow and a stack information leak due to improper bounds checking within the phardirread function. This issue may allow an attacker to initiate memory corruption by compelling the application to open a specially crafted .phar archive, allowing...
CLSA-2024-1706700142 php: Fix of 8 CVEs
CVE-2021-21702: Fix null pointer crash because of malformed SOAP server response - CVE-2021-21703: Fix error in php fpm shared memory organization leading to privilage escalation - CVE-2022-31625: Fix freeing of uninitialized memory leading to RCE - CVE-2022-31626: Fix buffer overflow in mysqlnd...
php: phar Buffer mismanagement
A flaw was found in PHP that can lead to a buffer overflow and a stack information leak due to improper bounds checking within the phardirread function. This issue may allow an attacker to initiate memory corruption by compelling the application to open a specially crafted .phar archive, allowing...
The vulnerability of the phar_dir_read() function in the PHP interpreter allows a hacker to execute arbitrary code.
The vulnerability of the phardirread function in the PHP interpreter arises due to an overflow in the stack buffer. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Important: php
Issue Overview: GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29 NOTE: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw NOTE:...
SUSE SLES15: apache2-mod_php7 / php7 / php7-bcmath / php7-bz2 / php7-calendar / etc (SUSE-SU-2023:3498-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3498-1 advisory. - CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. bsc1214106 - CVE-2023-3824:...
CLSA-2023-1692817457 Fix CVE(s): CVE-2023-3823, CVE-2023-3824
SECURITY UPDATE: external entity loading in XML without enabling it - debian/patches/CVE-2023-3823.patch: sanitize libxml2 globals before parsing. - CVE-2023-3823 SECURITY UPDATE: buffer mismanagement in phardirread - debian/patches/php-upstream-CVE-2023-3824.patch: fix buffer mismanagement in...
CLSA-2023-1692817288 Fix CVE(s): CVE-2023-3824, CVE-2023-3823
SECURITY UPDATE: external entity loading in XML without enabling it - debian/patches/php-7.1-CVE-2023-3823.patch: sanitize libxml2 globals before parsing. - CVE-2023-3823 SECURITY UPDATE: buffer mismanagement in phardirread - debian/patches/php-upstream-CVE-2023-3824.patch: fix buffer mismanageme...
Buffer overflow and overread in phar_dir_read()
...
CLSA-2023-1692632368 php: Fix of 2 CVEs
CVE-2023-3823: Fix external entity loading in XML without enabling by sanitizing libxml2 globals before parsing - CVE-2023-3824: Fix buffer mismanagement in phardirread...
CLSA-2023-1692631677 php: Fix of 2 CVEs
CVE-2023-3823: Fix external entity loading in XML without enabling by sanitizing libxml2 globals before parsing - CVE-2023-3824: Fix buffer mismanagement in phardirread...
AZL-63070 CVE-2023-3824 affecting package php for versions less than 8.2.8-1
In PHP version 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE...