Description
** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible."
Remediation
References