In PHP prior to 5.6.39, 7.x prior to 7.0.33, 7.1.x prior to 7.1.25, and 7.2.x prior to 7.2.13, a buffer over-read in PHAR reading functions may allow an malicious user to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php |
||
opensuse leap 42.3 |