Description

The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.

Remediation

References

CVE-2016-4343

Related Vulnerabilities

WordPress Plugin Redirection 'id' Parameter Cross-Site Scripting (2.2.8)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.8)

MySQL Divide By Zero Vulnerability (CVE-2019-16168)

WordPress Plugin Testimonial Cross-Site Scripting (1.5.9)

MySQL CVE-2019-2911 Vulnerability (CVE-2019-2911)

Severity

High

Classification

CVE-2016-4343 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities