Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers …
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.
Weaknesses in this category are related to improper calculation or conversion of numbers.
https://cwe.mitre.org/data/definitions/189.html →Open in CWE collection →The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
https://cwe.mitre.org/data/definitions/822.html →Open in CWE collection →This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.
https://capec.mitre.org/data/definitions/129.html →Open in CAPEC collection →