Description

In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.

Remediation

References

CVE-2018-20783

Related Vulnerabilities

WordPress Plugin Jock on air now Cross-Site Scripting (5.6.2)

WordPress Plugin GigPress SQL Injection (2.3.28)

WordPress Plugin Client Invoicing by Sprout Invoices-Easy Estimates and Invoices for WordPress Cross-Site Scripting (6.1)

PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2007-4652)

Joomla Missing Authorization Vulnerability (CVE-2019-18674)

Severity

High

Classification

CVE-2018-20783 CWE-125 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities