Format string vulnerability in stream.c in the phar extension in PHP 5.3.x up to and including 5.3.3 allows context-dependent malicious users to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.
Vulnerable Product |
---|
php php 5.3.1 |
php php 5.3.2 |
php php 5.3.0 |
php php 5.3.3 |