CVE-2016-4342 - CERT CVE

  1. CVE-2016-4342

ID CVE-2016-4342
Sažetak ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.
Reference
CVSS
Base: 8.3
Impact: 8.5
Exploitability:8.6
Pristup
VektorSloženostAutentikacija
NETWORK MEDIUM NONE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL COMPLETE
CVSS vektor AV:N/AC:M/Au:N/C:P/I:P/A:C
Zadnje važnije ažuriranje 30-10-2018 - 16:27
Objavljeno 22-05-2016 - 01:59