Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Php | Php | 5.6.0 (including) | 5.6.30 (excluding) |
Php | Php | 7.0.0 (including) | 7.0.15 (excluding) |
Php | Php | 7.1.0 (including) | 7.1.1 (excluding) |