Description
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
Remediation
References
Related Vulnerabilities
MySQL CVE-2023-22066 Vulnerability (CVE-2023-22066)
EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-5965)
MySQL CVE-2020-14878 Vulnerability (CVE-2020-14878)
WordPress Plugin Content text slider on post Cross-Site Scripting (6.8)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4789)