Note:
This project will be discontinued after December 13, 2021. [more]
2020-02-27
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
| Products | Php, Tenable\.sc |
| Type | Out-of-bounds Read (CWE-125) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://bugs.php.net/bug.php?id=79171
• https://security.gentoo.org/glsa/202003-57 • https://www.tenable.com/security/tns-2021-14 |