Search for vulnerabilities
Vulnerability details: VCID-pk1p-j9ae-aaad
Vulnerability ID VCID-pk1p-j9ae-aaad
Aliases CVE-2023-3824
Summary In PHP version 8.0.* before 8.0.30,  8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. 
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3824.json
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.00134 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.00134 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.00134 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.00134 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.00134 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.00134 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.00134 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.00134 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.00134 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.16939 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.17311 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.17311 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.17311 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.17687 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.17687 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.17687 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.17687 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.17687 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.17687 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.17687 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.17687 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.17687 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.17687 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.17687 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.17687 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.17687 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.60706 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.60706 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.60706 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.60706 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.60706 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.60706 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.60706 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.60706 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.60706 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
epss 0.72279 https://api.first.org/data/v1/epss?cve=CVE-2023-3824
cvssv3.1 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-3824
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-3824
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3824.json
https://api.first.org/data/v1/epss?cve=CVE-2023-3824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv
https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/
https://security.netapp.com/advisory/ntap-20230825-0001/
1043477 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043477
2230101 https://bugzilla.redhat.com/show_bug.cgi?id=2230101
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
CVE-2023-3824 https://nvd.nist.gov/vuln/detail/CVE-2023-3824
GLSA-202408-32 https://security.gentoo.org/glsa/202408-32
RHSA-2023:5926 https://access.redhat.com/errata/RHSA-2023:5926
RHSA-2023:5927 https://access.redhat.com/errata/RHSA-2023:5927
RHSA-2024:0387 https://access.redhat.com/errata/RHSA-2024:0387
RHSA-2024:10952 https://access.redhat.com/errata/RHSA-2024:10952
USN-6305-1 https://usn.ubuntu.com/6305-1/
USN-6305-2 https://usn.ubuntu.com/6305-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3824.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-3824
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-3824
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.32364
EPSS Score 0.00069
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.