Description: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.

Impact: An attacker can exploit the integer overflow vulnerability in the affected software. Successful exploitation leads to arbitrary code execution, and a failed exploit may disturb the software logic and cause a denial of service.

Affected OS: Windows, Other Unix, FreeBSD, Linux

Reference: SecurityFocus BID: 95774; SecurityTracker ID: 1037659