Описание
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitIssue TrackingPatchVendor Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Одно из
Одно из
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
Уязвимость функции чтения PHAR интерпретатора языка программирования PHP, связанная с чтением за пределами границ буфера памяти, позволяющая нарушителю вызвать отказ в обслуживании, нарушить конфиденциальность и целостность защищаемых данных
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2