In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php |
||
debian debian linux 10.0 |
||
tenable tenable.sc |