Security Advisory

CVE-2016-3142

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2016-03-31 16:00:00

Last updated 2024-08-05 23:47:57

Assigner microfocus

State PUBLISHED

Description

The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PKx05x06 signature at an invalid location.

← Browse all CVEs View on cve.org ↗