Vulnerability CVE-2023-3824: Information
Description
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| php8.0 | p10 | 8.0.30-alt1 | 8.0.30-alt1 | ALT-PU-2023-5713-2 | 329785 | Fixed |
| php8.0 | p10_e2k | 8.0.30-alt1 | 8.0.30-alt1 | ALT-PU-2023-5813-1 | - | Fixed |
| php8.0 | c10f1 | 8.0.30-alt1 | 8.0.30-alt1 | ALT-PU-2023-5714-2 | 329786 | Fixed |
| php8.1 | p10 | 8.1.23-alt1 | 8.1.28-alt1 | ALT-PU-2023-5911-3 | 330469 | Fixed |
| php8.1 | p10_e2k | 8.1.23-alt1 | 8.1.28-alt1 | ALT-PU-2023-6104-1 | - | Fixed |
| php8.1 | c10f1 | 8.1.25-alt1 | 8.1.28-alt1 | ALT-PU-2023-7019-2 | 333829 | Fixed |
| php8.2 | c10f1 | 8.2.12-alt1 | 8.2.15-alt1 | ALT-PU-2023-7021-2 | 333840 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv |
|
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/ |
|
| https://security.netapp.com/advisory/ntap-20230825-0001/ |
|
| https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html |
|