Описание
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Not affected | ||
| Red Hat Enterprise Linux 5 | php53 | Will not fix | ||
| Red Hat Enterprise Linux 6 | php | Will not fix | ||
| Red Hat Enterprise Linux 7 | php | Will not fix | ||
| Red Hat OpenShift Enterprise 2 | php | Will not fix | ||
| Red Hat Software Collections | rh-php56-php | Will not fix | ||
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-php70-php | Fixed | RHSA-2018:1296 | 03.05.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | rh-php70-php | Fixed | RHSA-2018:1296 | 03.05.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-php70-php | Fixed | RHSA-2018:1296 | 03.05.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS | rh-php70-php | Fixed | RHSA-2018:1296 | 03.05.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar. ...
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
Уязвимость функции phar_parse_pharfile интерпретатора PHP, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
EPSS
5.3 Medium
CVSS3