Description
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
Remediation
References
Related Vulnerabilities
phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2016-5734)
Microsoft SQL Server Remote Code Execution Vulnerability (CVE-2020-0618)
Oracle JRE CVE-2022-21619 Vulnerability (CVE-2022-21619)
WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (3.3.5)
WordPress Plugin GDPR Cookie Consent Security Bypass (1.8.2)