The bzread function in ext/bz2/bz2.c in PHP prior to 5.5.38, 5.6.x prior to 5.6.24, and 7.x prior to 7.0.9 allows remote malicious users to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php |