php: Heap-based buffer over-read in PHAR reading functions
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the...
Vulnerability of the PHP interpreter and the Mac OS X operating system, allowing attackers to execute arbitrary code
The vulnerability in the Phar extension of PHP interpreters and the Mac OS X operating system is caused by insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file name...
php: buffer overflow in phar_set_inode()
A buffer overflow flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...