Updated: 2023-11-04 20:18:17.12304
Description:
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0 | |
| CVSS Version 3.x | CRITICAL | 9.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | php | 5.3.3 | 9.8 | CRITICAL | Released | CLSA-2023:1692632368 | 2023-09-07 05:06:43 |
| CentOS 8.4 ELS | php | 7.4.6 | 9.8 | CRITICAL | Released | CLSA-2023:1692631677 | 2023-08-21 14:08:45 |
| CentOS 8.5 ELS | php | 7.4.19 | 9.8 | CRITICAL | Released | CLSA-2023:1692632011 | 2023-08-21 14:08:46 |
| CloudLinux 6 ELS | php | 5.3.3 | 9.8 | CRITICAL | Released | CLSA-2023:1692632583 | 2023-09-07 09:28:40 |
| Oracle Linux 6 ELS | php | 5.3.3 | 9.8 | CRITICAL | Released | CLSA-2023:1692817120 | 2023-08-23 17:06:03 |
| Ubuntu 16.04 ELS | php | 7.0.33 | 9.8 | CRITICAL | Released | CLSA-2023:1692817288 | 2023-08-23 17:06:04 |
| Ubuntu 18.04 ELS | php | 7.2.24-0 | 9.8 | CRITICAL | Released | CLSA-2023:1692817457 | 2023-08-23 17:06:05 |