Description
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.