Description
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
Remediation
References
Related Vulnerabilities
MySQL CVE-2018-3284 Vulnerability (CVE-2018-3284)
WordPress Plugin Chat-Support Board-WordPress Chat Cross-Site Scripting (1.2.8)
Joomla! Core 4.x.x Multiple Vulnerabilities (4.0.0 - 4.1.0)
IBM WebSEAL Improper Authentication Vulnerability (CVE-2018-1443)
WordPress Plugin Export any WordPress data to XML/CSV Cross-Site Scripting (1.3.0)