Description
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.
Remediation
References
Related Vulnerabilities
MySQL Other Vulnerability (CVE-2002-1921)
Squid CVE-2024-45802 Vulnerability (CVE-2024-45802)
phpMyFAQ Weak Password Requirements Vulnerability (CVE-2023-0307)
WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.16)
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3736)