Описание
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
Ссылки
- ExploitVendor Advisory
- Third Party Advisory
- PatchThird Party Advisory
- ExploitVendor Advisory
- Third Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Одновременно
Одно из
EPSS
6.5 Medium
CVSS3
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
Связанные уязвимости
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extrac ...
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
EPSS
6.5 Medium
CVSS3
9.1 Critical
CVSS3
6.4 Medium
CVSS2