Описание
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
A flaw was found in PHP that can lead to a buffer overflow and a stack information leak due to improper bounds checking within the phar_dir_read() function. This issue may allow an attacker to initiate memory corruption by compelling the application to open a specially crafted .phar archive, allowing the attacker to corrupt memory or cause a denial of service condition.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat CodeReady Studio 12 | php | Out of support scope | ||
| Red Hat Enterprise Linux 6 | php | Not affected | ||
| Red Hat Enterprise Linux 7 | php | Not affected | ||
| Red Hat OpenShift Dev Spaces | php | Not affected | ||
| Red Hat Software Collections | rh-php73-php | Will not fix | ||
| Red Hat Enterprise Linux 8 | php | Fixed | RHSA-2023:5927 | 19.10.2023 |
| Red Hat Enterprise Linux 8 | php | Fixed | RHSA-2024:10952 | 11.12.2024 |
| Red Hat Enterprise Linux 9 | php | Fixed | RHSA-2023:5926 | 19.10.2023 |
| Red Hat Enterprise Linux 9 | php | Fixed | RHSA-2024:0387 | 24.01.2024 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
7 High
CVSS3
Связанные уязвимости
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* bef ...
Buffer overflow and overread in phar_dir_read()
Уязвимость функции phar_dir_read() интерпретатора PHP, позволяющая нарушителю выполнить произвольный код
EPSS
7 High
CVSS3