Vulnerabilities

CVE-2016-4343

by Fred · 21/05/2016

The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.

Date published : 2016-05-21

http://www.securityfocus.com/bid/89179

https://bugs.php.net/bug.php?id=71331

Similar

Tags: Cybersecurity Alert