CVE-2023-3824 - PHAR file handling
by Serious - Friday February 21, 2025 at 10:00 PM
Banned

Posts: 4
Threads: 4
Joined: Feb 2025
Reputation: 10

#1
02-21-2025, 10:00 PM
If an attacker sends a malicious PHAR file into your app, they could trigger a buffer overflow and potentially run their own code on your server.
 
Why does this happen?  Huh -- This bug exists because PHP doesn’t properly handle PHAR metadata when it’s too big, leading to a stack buffer overflow.
PHP tries to load this metadata into a fixed-size buffer, but if the metadata is too large, it overflows Sick
 
POC: https://github.com/jhonnybonny/CVE-2023-3824
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Attempting to sell IDs/real documents
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC miyako 3 77 02-07-2026, 03:32 PM
Last Post: cysc
  POC CVE-2025-24071 caca28sapo1 15 810 02-07-2026, 08:53 AM
Last Post: hacker0123
  HPE OneView RCE Exploit [CVE-2025-37164] Hawx01 8 264 02-06-2026, 07:08 PM
Last Post: hacker0123
  CitrixBleed / CVE-2023-4966 cccp 10 6,799 02-06-2026, 01:36 AM
Last Post: temptest
  WordPress LFI to RCE - CVE-2025-0366 Serious 1 459 02-05-2026, 09:53 AM
Last Post: Sammm89



 Users browsing this thread: 1 Guest(s)