PHP 'phar_detect_phar_fname_ext()' Heap Buffer Overflow Vulnerability

PHP is prone to a heap-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

The following versions are vulnerable:
PHP 5.1 prior to 5.6.40
PHP 7.1 prior to 7.1.26
PHP 7.2 prior to 7.2.14
PHP 7.3 prior to 7.3.1


 

Copyright 2010, SecurityFocus