Description
** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible."
Remediation
References
Related Vulnerabilities
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-5459)
Squid Insufficient Verification of Data Authenticity Vulnerability (CVE-2016-4553)
WordPress Plugin AccessPress Social Counter Cross-Site Scripting (1.3.6)
WebLogic Other Vulnerability (CVE-2022-24891)
WordPress Plugin Asgaros Forum Multiple Vulnerabilities (1.15.14)