Description
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using the phar extension, certain content inside a PHAR file could lead to a one-byte read past the allocated buffer. This could potentially lead to information disclosure or a crash.
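The conditions in the description (affected branch, release below the fix, Windows, phar extension in use) can be checked across an inventory. The following is an added example, not code from the PHP project or from this page. The host names, inventory rows and verdict labels are constructed for illustration, and the OS field is assumed to hold values in the style of PHP's `PHP_OS_FAMILY` constant.

```python
import re

# First fixed release per affected branch, as stated in the description.
FIXED = {(7, 3): (7, 3, 15), (7, 4): (7, 4, 3)}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_php_version(text):
    """Return (major, minor, patch) from a bare version or a `php -v` banner."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no PHP version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def triage(version_text, os_family, phar_loaded):
    """Classify one host against the conditions named in the description."""
    version = parse_php_version(version_text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not-listed"            # branch is outside the ranges the page names
    if version >= fixed:               # integer tuples, so 7.4.10 sorts after 7.4.3
        return "fixed"
    if os_family.lower() != "windows" or not phar_loaded:
        return "preconditions-unmet"   # old release, but not Windows with phar
    return "affected"


# Constructed inventory rows: (host, version string, OS family, phar loaded)
INVENTORY = [
    ("web-01", "PHP 7.3.14 (cli)", "Windows", True),
    ("web-02", "7.4.10", "Windows", True),
    ("web-03", "7.4.2", "Linux", True),
    ("web-04", "7.4.2", "Windows", False),
    ("web-05", "7.2.27", "Windows", True),
]


def report(rows):
    """Map each host to its verdict."""
    return {host: triage(ver, os_, phar) for host, ver, os_, phar in rows}


if __name__ == "__main__":
    for host, verdict in report(INVENTORY).items():
        print(f"{host}: {verdict}")
```

Hosts reported as `preconditions-unmet` still run a release below the fixed version, and `not-listed` means only that the branch is outside the ranges this page names.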
Remediation
References
Related Vulnerabilities
Jboss EAP CVE-2012-5626 Vulnerability (CVE-2012-5626)
WordPress Plugin WP Photo Album Plus Unspecified Vulnerability (6.5.00)
WebLogic CVE-2020-14644 Vulnerability (CVE-2020-14644)
PrestaShop Files or Directories Accessible to External Parties Vulnerability (CVE-2020-5250)
WordPress Plugin Simple Download Monitor Multiple Cross-Site Scripting Vulnerabilities (3.9.4)