CVE-2016-10160

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
References
Link Resource
https://github.com/php/php-src/commit/b28b8b2fee6dfa6fcd13305c581bb835689ac3be Issue Tracking Patch Third Party Advisory
https://bugs.php.net/bug.php?id=73768 Issue Tracking Patch Vendor Advisory
http://php.net/ChangeLog-7.php Release Notes Vendor Advisory
http://php.net/ChangeLog-5.php Release Notes Vendor Advisory
http://www.securityfocus.com/bid/95783 Third Party Advisory VDB Entry
https://security.gentoo.org/glsa/201702-29 Third Party Advisory
http://www.securitytracker.com/id/1037659 Broken Link Third Party Advisory VDB Entry
https://www.tenable.com/security/tns-2017-04 Third Party Advisory
http://www.debian.org/security/2017/dsa-3783 Third Party Advisory
https://security.netapp.com/advisory/ntap-20180112-0001/ Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1296 Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Information

Published : 2017-01-24 13:59

Updated : 2022-07-20 09:58


NVD link : CVE-2016-10160

Mitre link : CVE-2016-10160


JSON object : View

CWE
CWE-193

Off-by-one Error

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

netapp

  • clustered_data_ontap

php

  • php