5 matches found
Buffer overflow
DISPUTED An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phartarwriteheadersint in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen:...
CVE-2019-9675
Removed by vendor...
CVE-2019-9675
An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phartarwriteheadersint in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue...
CVE-2019-9675
An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phartarwriteheadersint in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue...
Internet Bug Bounty: phar_tar_writeheaders_int() buffer overflow
A buffer overflow has been found in the phartarwriteheadersint function. it does a strncpy to header-linkname from entry-link with the size of entry-link. As you can see in https://github.com/php/php-src/blob/master/ext/phar/tar.hL66 , header-linkname is a char of the size 100. Once entry-link...