11 matches found

SUSE CVE
added 2023/02/15 5:3 a.m., 3 views

SUSE CVE-2016-4342

ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive...

CVSS: 8.8, AI score: 9, EPSS: 0.05555
Exploits: 2, References: 7
SUSE CVE
added 2023/02/15 5:2 a.m., 3 views

SUSE CVE-2016-4473

/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833...

CVSS: 9.8, AI score: 9.2, EPSS: 0.16817
Exploits: 1, References: 5
CNVD
added 2018/05/02 12:0 a.m., 1 views

PHP ext/phar/phar_object.c file suffers from a reflected cross-site scripting vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...

CVSS: 6.1, AI score: 6.8, EPSS: 0.89192
Exploits: 0, References: 1
OSV
added 2018/04/29 12:0 a.m., 0 views

UBUNTU-CVE-2018-10547

An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an...

CVSS: 6.1, AI score: 6.9, EPSS: 0.17239
Exploits: 0, References: 6
CNVD
added 2018/02/26 12:0 a.m., 3 views

PHP Incomplete Fix for Remote Code Execution Vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...

CVSS: 9.8, AI score: 7.3, EPSS: 0.16817
Exploits: 1, References: 1
BDU FSTEC
added 2017/08/10 12:0 a.m., 2 views

The vulnerability of the /ext/phar/phar_object.c component of the PHP interpreter allows an attacker to execute arbitrary code.

The vulnerability of the /ext/phar/phar_object.c component of the PHP interpreter is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS: 7.5, AI score: 8.1, EPSS: 0.16817
Exploits: 1, References: 6, Affected Software: 1
OSV
added 2017/06/08 8:29 p.m., 0 views

UBUNTU-CVE-2016-4473

/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833...

CVSS: 9.8, AI score: 7.5, EPSS: 0.16817
Exploits: 1, References: 3
RedHat Linux
added 2016/11/15 11:40 a.m., 2 views

php: Invalid free() instead of efree() in phar_extract_file()

/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833...

CVSS: 9.8, AI score: 7.5, EPSS: 0.16817
Exploits: 1, References: 4
BDU FSTEC
added 2016/06/09 12:0 a.m., 4 views

The vulnerability of the PHP interpreter, which allows attackers to trigger a service failure or exert other effects.

The vulnerability of the function in ext/phar/phar_object.c in the PHP interpreter is caused by buffer overflow. Exploiting this vulnerability could allow a malicious actor to trigger a service failure (memory corruption), or possibly cause other effects through a specially crafted TAR-, ZIP-, or PH...

CVSS: 8.3, EPSS: 0.05555
Exploits: 2, References: 5, Affected Software: 1
RedHat Linux
added 2015/07/09 5:1 p.m., 3 views

php: use after free in phar_object.c

A use-after-free flaw was found in PHP's phar (PHP Archive) paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory...

CVSS: 7.5, AI score: 6.6, EPSS: 0.11211
Exploits: 1, References: 4
RedHat Linux
added 2015/06/04 8:2 a.m., 1 views

php: use after free in phar_object.c

A use-after-free flaw was found in PHP's phar (PHP Archive) paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory...

CVSS: 7.5, AI score: 6.6, EPSS: 0.11211
Exploits: 1, References: 4