Description
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using the phar extension, certain content inside a PHAR file could lead to a one-byte read past the allocated buffer. This could potentially lead to information disclosure or a crash.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-0361)
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3433)
WordPress Plugin Woocommerce Categories in gallery format Cross-Site Scripting (1.0.1)
WordPress Plugin WP Easy Stats 'homep' Parameter Remote File Include (1.8)
Oracle Application Server Other Vulnerability (CVE-2002-0656)