What is the severity of CVE-2023-3824?

The severity of CVE-2023-3824 is critical.

How does CVE-2023-3824 affect PHP?

CVE-2023-3824 affects PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8.

What is the potential impact of CVE-2023-3824?

CVE-2023-3824 can lead to memory corruption or remote code execution (RCE).

How can I fix CVE-2023-3824?

To fix CVE-2023-3824, upgrade PHP to version 8.2.9 or later.

Where can I find more information about CVE-2023-3824?

You can find more information about CVE-2023-3824 at the following references: [Link 1](https://www.php.net/ChangeLog-8.php#8.2.9), [Link 2](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824), [Link 3](https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv)

Vulnerability/
CVE-2023-3824

critical

9.8

CWE

119

3/8/2023

11/8/2023

2/8/2024

CVE-2023-3824: Buffer overflow and overread in phar_dir_read()

First published: Thu Aug 03 2023(Updated: )

<a href="https://www.php.net/ChangeLog-8.php#8.0.30">https://www.php.net/ChangeLog-8.php#8.0.30</a> Phar: Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (<a href="https://access.redhat.com/security/cve/CVE-2023-3824">CVE-2023-3824</a>)

Credit: security@php.net security@php.net security@php.net

Affected Software	Affected Version	How to fix
PHP PHP	>=8.0.0<8.0.30
PHP PHP	>=8.1.0<8.1.22
PHP PHP	>=8.2.0<8.2.8
PHP PHP	<8.0.30	8.0.30
PHP PHP	>=8.2.0<8.2.9
Fedoraproject Fedora	=38
Debian Debian Linux	=10.0
redhat/php	<8.2.9	8.2.9
redhat/php	<8.1.22	8.1.22
redhat/php	<8.0.30	8.0.30
debian/php7.4		7.4.33-1+deb11u5
debian/php8.2		8.2.20-1~deb12u1 8.2.23-1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-3824?
The severity of CVE-2023-3824 is critical.
How does CVE-2023-3824 affect PHP?
CVE-2023-3824 affects PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8.
What is the potential impact of CVE-2023-3824?
CVE-2023-3824 can lead to memory corruption or remote code execution (RCE).
How can I fix CVE-2023-3824?
To fix CVE-2023-3824, upgrade PHP to version 8.2.9 or later.
Where can I find more information about CVE-2023-3824?
You can find more information about CVE-2023-3824 at the following references: [Link 1](https://www.php.net/ChangeLog-8.php#8.2.9), [Link 2](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824), [Link 3](https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv)

collector/nvd-api
collector/nvd-index
agent/type
collector/launchpad-cve
source/Launchpad
agent/first-publish-date
agent/author
agent/description
collector/php-changelog
source/PHP
agent/software-canonical-lookup
collector/nvd-cve
source/NVD
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-3824
agent/weakness
collector/the-register
source/The Register
collector/bleeping-computer
source/BleepingComputer
agent/news-ai
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/title
agent/event
agent/tags
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/php
canonical/php php
version/php php/8.0.0
version/php php/8.1.0
version/php php/8.2.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/38
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
package-manager/redhat
package-manager/debian