The phar_parse_zipfile function in zip.c in the PHAR extension in PHP prior to 5.5.33 and 5.6.x prior to 5.6.19 allows remote malicious users to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
Vulnerable Product |
---|
php php 5.6.1 |
php php 5.6.5 |
php php 5.6.12 |
php php 5.6.13 |
php php 5.6.0 |
php php 5.6.4 |
php php 5.6.6 |
php php 5.6.18 |
php php 5.6.11 |
php php 5.6.2 |
php php 5.6.10 |
php php 5.6.7 |
php php 5.6.15 |
php php |
php php 5.6.17 |
php php 5.6.16 |
php php 5.6.9 |
php php 5.6.3 |
php php 5.6.8 |
php php 5.6.14 |
apple mac os x |