CVE-2015-3307

CVE-2015-3307 affects PHP’s Phar extension (phar.c: ext/phar/phar.c) in PHP releases earlier than 5.4.40, 5.5.x earlier than 5.5.24, and 5.6.x earlier than 5.6.8. A crafted tar archive can trigger the phar_parse_metadata path to cause a denial of service via heap metadata corruption, and may have...

CVE-2015-3307

The pharparsemetadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service heap metadata corruption or possibly have unspecified other impact via a crafted tar archive...