Description
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using the phar extension, certain content inside a PHAR file could lead to a one-byte read past the allocated buffer. This could potentially lead to information disclosure or a crash.
Remediation
References