949 B
949 B
CVE-2015-4021
Description
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.
POC
Reference
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- https://bugs.php.net/bug.php?id=69453
- https://hackerone.com/reports/104027