vulnerability

Oracle Linux: CVE-2023-3824: ELSA-2023-5926: php security update (IMPORTANT) (Multiple Advisories)

Try Surface Command
Back to search
Severity
7
CVSS
(AV:N/AC:H/Au:N/C:P/I:P/A:C)
Published
Aug 3, 2023
Added
Oct 23, 2023
Modified
Apr 30, 2025

Description

In PHP version 8.0.* before 8.0.30,  8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. 
A flaw was found in PHP that can lead to a buffer overflow and a stack information leak due to improper bounds checking within the phar_dir_read() function. This issue may allow an attacker to initiate memory corruption by compelling the application to open a specially crafted .phar archive, allowing the attacker to corrupt memory or cause a denial of service condition.

Solution(s)

oracle-linux-upgrade-apcu-paneloracle-linux-upgrade-libziporacle-linux-upgrade-libzip-develoracle-linux-upgrade-libzip-toolsoracle-linux-upgrade-phporacle-linux-upgrade-php-bcmathoracle-linux-upgrade-php-clioracle-linux-upgrade-php-commonoracle-linux-upgrade-php-dbaoracle-linux-upgrade-php-dbgoracle-linux-upgrade-php-develoracle-linux-upgrade-php-embeddedoracle-linux-upgrade-php-enchantoracle-linux-upgrade-php-ffioracle-linux-upgrade-php-fpmoracle-linux-upgrade-php-gdoracle-linux-upgrade-php-gmporacle-linux-upgrade-php-intloracle-linux-upgrade-php-jsonoracle-linux-upgrade-php-ldaporacle-linux-upgrade-php-mbstringoracle-linux-upgrade-php-mysqlndoracle-linux-upgrade-php-odbcoracle-linux-upgrade-php-opcacheoracle-linux-upgrade-php-pdooracle-linux-upgrade-php-pearoracle-linux-upgrade-php-pecl-apcuoracle-linux-upgrade-php-pecl-apcu-develoracle-linux-upgrade-php-pecl-rrdoracle-linux-upgrade-php-pecl-xdebugoracle-linux-upgrade-php-pecl-xdebug3oracle-linux-upgrade-php-pecl-ziporacle-linux-upgrade-php-pgsqloracle-linux-upgrade-php-processoracle-linux-upgrade-php-snmporacle-linux-upgrade-php-soaporacle-linux-upgrade-php-xmloracle-linux-upgrade-php-xmlrpc

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today