Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Php | Php | 5.6.0 (including) | 5.6.30 (excluding) |
| Php | Php | 7.0.0 (including) | 7.0.15 (excluding) |
| Php | Php | 7.1.0 (including) | 7.1.1 (excluding) |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | rh-php70-php-0:7.0.27-1.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | RedHat | rh-php70-php-0:7.0.27-1.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-php70-php-0:7.0.27-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS | RedHat | rh-php70-php-0:7.0.27-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | rh-php70-php-0:7.0.27-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | rh-php70-php-0:7.0.27-1.el7 | * |
| Php5 | Ubuntu | precise | * |
| Php5 | Ubuntu | trusty | * |
| Php5 | Ubuntu | upstream | * |
| Php7.0 | Ubuntu | devel | * |
| Php7.0 | Ubuntu | upstream | * |
| Php7.0 | Ubuntu | xenial | * |
| Php7.0 | Ubuntu | yakkety | * |