Description
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.
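The condition named in the description can be screened for before an untrusted archive reaches a PHP version older than 5.6.18 or 7.0.3. The following is an added example, not code from PHP or from this advisory: it walks the 512-byte headers of an uncompressed TAR file and reports every `././@LongLink` entry whose size field is zero. The function names and the script name in the usage comment are assumptions made for illustration.

```python
import sys

BLOCK = 512
LONGLINK = b"././@LongLink"  # entry name cited in the description

def parse_size(field):
    """Decode the 12-byte tar size field: octal ASCII, or GNU base-256."""
    if field[0] & 0x80:
        return int.from_bytes(bytes([field[0] & 0x7F]) + field[1:], "big")
    text = field.strip(b" \0")
    return int(text.decode("ascii"), 8) if text else 0

def zero_size_longlinks(data):
    """Return the byte offset of every ././@LongLink header whose size is 0.

    Raises ValueError on an unparsable size field, which should also be
    treated as a reason to reject the archive.
    """
    hits, pos = [], 0
    while pos + BLOCK <= len(data):
        header = data[pos:pos + BLOCK]
        if header == bytes(BLOCK):
            break  # zero block: end-of-archive marker
        name = header[:100].split(b"\0", 1)[0]
        size = parse_size(header[124:136])
        if name == LONGLINK and size == 0:
            hits.append(pos)
        # skip the header plus the payload, padded to a whole block
        pos += BLOCK + -(-size // BLOCK) * BLOCK
    return hits

if __name__ == "__main__":
    # usage (hypothetical script name): python check_longlink.py upload.tar
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            offsets = zero_size_longlinks(fh.read())
        print(path, "REJECT" if offsets else "ok", offsets)
```

Compressed archives must be decompressed first; a pre-screen like this supplements upgrading to a fixed PHP release and does not replace it.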
Remediation
References