Description
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.
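The bug class described above, as an added illustration that is not the code from ext/phar/tar.c: a length taken from a tar name field is used as `len - 1` without first rejecting a name whose first byte is `\0`. The helper names `unchecked_last_index` and `tar_name_len` and the sample names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAR_NAME_FIELD 100 /* size of the name field in a tar header */

/* Unsafe pattern: index of the last character computed without checking
 * for an empty name. For len == 0 the unsigned subtraction wraps. */
static size_t unchecked_last_index(size_t len)
{
    return len - 1; /* 0 - 1 == SIZE_MAX */
}

/* Hardened helper (hypothetical, for illustration): returns the entry name
 * length with one trailing '/' stripped, or -1 if the name is rejected. */
static long tar_name_len(const char *name, size_t field_size)
{
    size_t len = 0;

    /* The field may lack a terminating NUL, so bound the scan. */
    while (len < field_size && name[len] != '\0')
        len++;

    /* Reject a name whose first byte is '\0' before any len - 1 access. */
    if (len == 0)
        return -1;

    if (name[len - 1] == '/')
        len--;

    /* A bare "/" leaves nothing usable either. */
    return len == 0 ? -1 : (long)len;
}

int main(void)
{
    /* Constructed sample names, not taken from a real archive. */
    const char *samples[] = { "docs/readme.txt", "docs/", "", "/" };

    printf("unchecked index for empty name: %zu\n", unchecked_last_index(0));
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\" -> %ld\n", samples[i],
               tar_name_len(samples[i], TAR_NAME_FIELD));
    return 0;
}
```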
Remediation
References