Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Buffer Overflow
RCE
Denial Of Service
PHP
Clustered Data Ontap
+1
NVD
GitHub
VulDB
CVSS 3.1
9.8
EPSS
4.7%