I recently came across CVE-2023-3824, which has been rated as critical with a score of 9.8. This vulnerability constitutes a Remote Code Execution (RCE) and does not require any user interaction. The description for this CVE is as follows:
"In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a phar file and reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, potentially resulting in memory corruption or RCE."
Now, my question is: how can an HTTP request sent to a website or web server trigger the loading of a phar file and cause this vulnerability? Should there be a specific portion of the code that allows this vulnerability to occur? I'm curious because this bug's presence led to the downfall of the largest ransomware gang.
Additionally, there was a GitHub issue that further confused me. Here is the link for reference:
Git issue
NVD post