CVE-2023-3824 - PHAR file handling
by Serious - Friday February 21, 2025 at 10:00 PM
Banned

Posts: 4
Threads: 4
Joined: Feb 2025
Reputation: 10

#1
02-21-2025, 10:00 PM
If an attacker sends a malicious PHAR file into your app, they could trigger a buffer overflow and potentially run their own code on your server.
 
Why does this happen?  Huh -- This bug exists because PHP doesn’t properly handle PHAR metadata when it’s too big, leading to a stack buffer overflow.
PHP tries to load this metadata into a fixed-size buffer, but if the metadata is too large, it overflows Sick
 
POC: https://github.com/jhonnybonny/CVE-2023-3824
Ban reason: Attempting to sell IDs/real documents (Permanent)
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC miyako 3 73 02-07-2026, 03:32 PM
Last Post: cysc
  POC CVE-2025-24071 caca28sapo1 15 805 02-07-2026, 08:53 AM
Last Post: hacker0123
  HPE OneView RCE Exploit [CVE-2025-37164] Hawx01 8 261 02-06-2026, 07:08 PM
Last Post: hacker0123
  CitrixBleed / CVE-2023-4966 cccp 10 6,797 02-06-2026, 01:36 AM
Last Post: temptest
  WordPress LFI to RCE - CVE-2025-0366 Serious 1 457 02-05-2026, 09:53 AM
Last Post: Sammm89



 Users browsing this thread: 1 Guest(s)