Description
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.
Remediation
References