CVE-2023-3824

CRITICAL EXPLOITED RANSOMWARE

PHP <8.0.30-8.2.8 - Buffer Overflow

Title source: llm

Description

In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.

Exploits (4)

nomisec WORKING POC 3 stars

by jhonnybonny · poc

https://github.com/jhonnybonny/CVE-2023-3824

View Code ZIP pw:eip

nomisec WORKING POC

by dadosneurais · poc

https://github.com/dadosneurais/cve-2023-3824

View Code ZIP pw:eip

nomisec SUSPICIOUS

by bluefish3r · poc

https://github.com/bluefish3r/poc-cve

View Code ZIP pw:eip

inthewild

poc

https://github.com/newlockbit/cve-2023-3824-php-to-rce-lockbit-leak

View on inthewild

References (4)

[Exploit, Third Party Advisory] https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv

[Mailing List] https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html

[Mailing List] https://lists.fedoraproject.org/archives/list/[email protected]/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20230825-0001/

Scores

CVSS v3 9.4

EPSS 0.3237

EPSS Percentile 96.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Details

VulnCheck KEV 2024-05-06

Ransomware Use Confirmed

CWE

CWE-119

Status published

Products (3)

debian/debian_linux 10.0

fedoraproject/fedora 38

php/php 8.0.0 - 8.0.30

Published Aug 11, 2023

Tracked Since Feb 18, 2026