Description
Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.
Remediation
References
Related Vulnerabilities
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.7)
WordPress 4.9.x Denial of Service Vulnerability (4.9 - 4.9.4)
Oracle Database Server CVE-2021-2175 Vulnerability (CVE-2021-2175)
MySQL CVE-2019-2687 Vulnerability (CVE-2019-2687)
WordPress Plugin WP-Members Membership Cross-Site Scripting (3.1.4.2)