#VU12907 Off-by-one error


Published: 2018-05-21

Vulnerability identifier: #VU12907

Vulnerability risk: High

CVSSv3.1:

CVE-ID: CVE-2016-10160

CWE-ID: CWE-193

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description
The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in the phar_parse_pharfile function in ext/phar/phar.c due to off-by-one error. A remote attacker can submit a specially crafted PHAR archive with an alias mismatch and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation
Update to version 5.6.30 or 7.0.15.

Vulnerable software versions

PHP: 5.6.0 - 5.6.29, 7.0.0 - 7.0.14


CPE

External links
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability