PHP vulnerabilities CVE-2015-7803 and CVE-2015-7804

ID F5:K17503
Type f5
Reporter f5
Modified 2016-01-09T02:23:00


A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. * CVE-2015-7804

An uninitialized pointer use flaw was found in the phar_make_dirstream() function of PHP's Phar extension. A specially crafted phar file in the ZIP format with a directory entry with a file name "/ZIP" could cause a PHP application function to crash.


None. F5 products are not affected by this vulnerability.