Updated: 2026-02-27 01:58:24.587521
Description:
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a phar file, insufficient length checking while reading PHAR directory entries may lead to a stack buffer overflow, potentially leading to memory corruption or RCE.

Links: NIST | CIRCL | RHEL | Ubuntu

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | CRITICAL | 9.8 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | php | 8.0.30 | 9.8 | CRITICAL | Already Fixed | | 2025-01-14 02:42:06 | Already fixed |
| CentOS 6 ELS | php | 5.3.3 | 9.8 | CRITICAL | Released | CLSA-2023:1692632368 | 2023-09-07 05:06:43 | |
| CentOS 7 ELS | php | 5.4.16 | 9.8 | CRITICAL | Released | CLSA-2024:1706700142 | 2024-02-19 10:09:26 | |
| CentOS 8.4 ELS | php | 7.4.6 | 9.8 | CRITICAL | Released | CLSA-2023:1692631677 | 2023-08-21 14:08:45 | |
| CentOS 8.5 ELS | php | 7.4.19 | 9.8 | CRITICAL | Released | CLSA-2023:1692632011 | 2023-08-21 14:08:46 | |
| CentOS Stream 8 ELS | php | 7.2.24 | 9.8 | CRITICAL | Released | CLSA-2024:1734368090 | 2024-12-16 11:55:45 | |
| CloudLinux 6 ELS | php | 5.3.3 | 9.8 | CRITICAL | Released | CLSA-2023:1692632583 | 2023-09-07 09:28:40 | |
| CloudLinux 7 ELS | php | 5.4.16 | 9.8 | CRITICAL | Released | CLSA-2025:1753961203 | 2025-08-13 02:38:32 | |
| Debian 10 ELS | php | 7.3 | 9.8 | CRITICAL | Already Fixed | | 2025-10-15 20:17:02 | |
| Oracle Linux 6 ELS | php | 5.3.3 | 9.8 | CRITICAL | Released | CLSA-2023:1692817120 | 2023-08-23 17:06:03 | |