CVE-2023-3824

Updated: 2023-11-04 20:18:17.12304

Description:

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a PHAR file, insufficient length checking while reading PHAR directory entries may lead to a stack buffer overflow, potentially leading to memory corruption or RCE.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | CRITICAL | 9.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | php | 5.3.3 | 9.8 | CRITICAL | Released | CLSA-2023:1692632368 | 2023-09-07 05:06:43 |
| CentOS 8.4 ELS | php | 7.4.6 | 9.8 | CRITICAL | Released | CLSA-2023:1692631677 | 2023-08-21 14:08:45 |
| CentOS 8.5 ELS | php | 7.4.19 | 9.8 | CRITICAL | Released | CLSA-2023:1692632011 | 2023-08-21 14:08:46 |
| CloudLinux 6 ELS | php | 5.3.3 | 9.8 | CRITICAL | Released | CLSA-2023:1692632583 | 2023-09-07 09:28:40 |
| Oracle Linux 6 ELS | php | 5.3.3 | 9.8 | CRITICAL | Released | CLSA-2023:1692817120 | 2023-08-23 17:06:03 |
| Ubuntu 16.04 ELS | php | 7.0.33 | 9.8 | CRITICAL | Released | CLSA-2023:1692817288 | 2023-08-23 17:06:04 |
| Ubuntu 18.04 ELS | php | 7.2.24-0 | 9.8 | CRITICAL | Released | CLSA-2023:1692817457 | 2023-08-23 17:06:05 |