Description
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using the phar extension, certain content inside a PHAR file could lead to a one-byte read past the allocated buffer. This could potentially lead to information disclosure or a crash.
Remediation
References
Related Vulnerabilities
WordPress Deserialization of Untrusted Data Vulnerability (CVE-2022-21663)
WordPress Plugin Youtube Feeder Cross-Site Request Forgery (2.0.1)
WordPress Plugin WP GPX Maps 'wp-gpx-maps_admin_tracks.php' Arbitrary File Upload (1.1.22)
Java Unspecified Vulnerability (CVE-2019-2816)
ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-7364)