Description
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.
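A triage check for this issue, added here as an example (it is not code from PHP or from this advisory): it tests whether a PHP version string falls in the affected range stated above, and whether a ZIP archive carries an entry named exactly `/`, so such uploads can be rejected before they reach the Phar extension on hosts that are not yet upgraded. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# First fixed release per branch, taken from the advisory text above.
FIXED_PATCH = {(5, 5): 30, (5, 6): 14}


def php_is_affected(version: str) -> bool:
    """True if `version` is in the range the advisory lists as affected."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised PHP version: {version!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor) in FIXED_PATCH:
        return patch < FIXED_PATCH[(major, minor)]
    # "before 5.5.30" covers older branches; newer branches are not listed.
    # Distribution packages may backport the fix without changing this number.
    return (major, minor) < (5, 5)


def root_named_entries(data: bytes) -> list[int]:
    """Indexes of central-directory entries whose filename is exactly '/'."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i for i, info in enumerate(zf.infolist()) if info.filename == "/"]


def should_reject(php_version: str, archive: bytes) -> bool:
    """Reject an archive only where it matters: affected PHP and a '/' entry."""
    return php_is_affected(php_version) and bool(root_named_entries(archive))


def sample_zip(names) -> bytes:
    """Constructed sample: an in-memory ZIP with empty members named `names`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"")
    return buf.getvalue()


if __name__ == "__main__":
    flagged = sample_zip(["index.php", "/"])
    clean = sample_zip(["index.php", "lib/util.php"])
    for ver in ("5.5.29", "5.6.13", "5.6.14"):
        print(ver, "flagged:", should_reject(ver, flagged),
              "clean:", should_reject(ver, clean))
```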
Remediation
References