The phar_make_dirstream function in ext/phar/dirstream.c in PHP prior to 5.6.18 and 7.x prior to 7.0.3 mishandles zero-size ././@LongLink files, which allows remote malicious users to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.
Vulnerable Product |
---|
php php |
opensuse opensuse 13.2 |
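
A defensive pre-check for the condition described above, as an added example that is not part of the original advisory or of PHP's code: it walks the raw 512-byte tar headers and reports any `././@LongLink` entry whose size field is zero, so such an archive can be rejected before it reaches a phar parser. The function names and both sample archives are constructed for illustration; the second sample keeps a stale header checksum and serves only as scanner input.

```python
import io
import tarfile

BLOCK = 512
LONGLINK = b"././@LongLink"  # name GNU tar gives its long-name helper entries


def _octal(field: bytes) -> int:
    text = field.split(b"\0", 1)[0].strip()
    return int(text, 8) if text else 0


def zero_size_longlinks(data: bytes) -> list:
    """Return offsets of ././@LongLink headers whose size field is zero."""
    hits, offset = [], 0
    while offset + BLOCK <= len(data):
        header = data[offset:offset + BLOCK]
        if not header.strip(b"\0"):          # all-zero block ends the archive
            break
        name = header[:100].split(b"\0", 1)[0]
        try:
            size = _octal(header[124:136])
        except ValueError:                   # non-octal size: stop, do not guess
            break
        if name == LONGLINK and size == 0:
            hits.append(offset)
        offset += BLOCK + -(-size // BLOCK) * BLOCK   # header + padded data
    return hits


def benign_sample() -> bytes:
    """Constructed sample: one file whose name needs a normal @LongLink entry."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        info = tarfile.TarInfo("d/" + "a" * 120 + ".txt")
        info.size = 5
        tar.addfile(info, io.BytesIO(b"hello"))
    return buf.getvalue()


def zeroed_sample() -> bytes:
    """Constructed scanner fixture: same archive with the @LongLink size field
    zeroed and its data block dropped; the header checksum is left stale."""
    data = benign_sample()
    return data[:124] + b"0" * 11 + b"\0" + data[136:BLOCK] + data[2 * BLOCK:]


if __name__ == "__main__":
    for label, blob in (("benign", benign_sample()), ("zeroed", zeroed_sample())):
        print(label, zero_size_longlinks(blob))
```

The scanner stops at the first size field it cannot read as octal, so an archive it cannot fully walk should be treated as unverified rather than clean.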