Description
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.
Remediation
References
Related Vulnerabilities
MySQL CVE-2017-3638 Vulnerability (CVE-2017-3638)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Directory Traversal (1.3.42)
TYPO3 Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-26229)
WordPress Plugin iThemes Security (formerly Better WP Security) Unspecified Vulnerability (6.9.0)