Description
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.
Remediation
References
Related Vulnerabilities
MySQL CVE-2016-5631 Vulnerability (CVE-2016-5631)
Apache Tomcat Other Vulnerability (CVE-2011-1183)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1617)
MySQL CVE-2015-2566 Vulnerability (CVE-2015-2566)
PHP Release of Invalid Pointer or Reference Vulnerability (CVE-2022-31625)