Metric | Value |
---|---|
CVSS2 score | 7.5 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.082 Low |
EPSS percentile | 94.4% |

The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40,
5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to
cause a denial of service (heap metadata corruption) or possibly have
unspecified other impact via a crafted tar archive.
Author | Note |
---|---|
mdeslaur | The two first commits may have also been used to fix CVE-2015-2783 |