CVE-2023-3824 - PHAR file handling
by Serious - Friday February 21, 2025 at 10:00 PM
Banned

Posts: 4
Threads: 4
Joined: Feb 2025
Reputation: 10
#1
02-21-2025, 10:00 PM
If an attacker sends a malicious PHAR file into your app, they could trigger a buffer overflow and potentially run their own code on your server.
 
Why does this happen?  Huh -- This bug exists because PHP doesn’t properly handle PHAR metadata when it’s too big, leading to a stack buffer overflow.
PHP tries to load this metadata into a fixed-size buffer, but if the metadata is too large, it overflows Sick
 
POC: https://github.com/jhonnybonny/CVE-2023-3824
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Attempting to sell IDs/real documents
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  University of lowa is Vulnerable to CVE-2023-49103 creek97 1 4,252 04-11-2025, 05:46 AM
Last Post: dghdj
  [POC] Bypassing Imperva WAF - CVE-2023-50969 : CRITICAL trampoline 50 8,459 03-04-2025, 08:24 AM
Last Post: denisemichel
  CVE-2023-24932 - Help jetpackjacuzzi 1 432 02-19-2025, 06:00 PM
Last Post: webspid3r
  POC + Exploit CVE-2023-23397 Farfallaiero 21 6,078 02-17-2025, 07:32 PM
Last Post: 1malware
  [WordPress SMTP Plugin] CVE-2023-6875 + PoC who 14 3,667 02-17-2025, 05:58 PM
Last Post: 0asdasdasd

Forum Jump:


 Users browsing this thread: 1 Guest(s)