Description
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
Remediation
References