Description

ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.

Remediation

References

CVE-2016-4342

Related Vulnerabilities

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-25955)

Oracle JRE CVE-2013-5844 Vulnerability (CVE-2013-5844)

MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7324)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Multiple Vulnerabilities (3.7.0)

WordPress Plugin WP Hotel Booking PHP Object Injection (1.10.3)

Severity

High

Classification

CVE-2016-4342 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities