Description

ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.

Remediation

References

CVE-2016-4342

Related Vulnerabilities

Zope Web Application Server Other Vulnerability (CVE-2005-3323)

Apache HTTP Server Other Vulnerability (CVE-1999-0926)

Envoy Proxy Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-18836)

Perl Out-of-bounds Write Vulnerability (CVE-2018-6913)

WordPress Plugin WHMCS Bridge Cross-Site Scripting (6.2)

Severity

High

Classification

CVE-2016-4342 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities