Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2016-7414
Description:The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.
Test IDs: None available
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2016-7414
BugTraq ID: 93004
http://www.securityfocus.com/bid/93004
https://security.gentoo.org/glsa/201611-22
http://www.openwall.com/lists/oss-security/2016/09/15/10
RedHat Security Advisories: RHSA-2018:1296
https://access.redhat.com/errata/RHSA-2018:1296
http://www.securitytracker.com/id/1036836




© 1998-2022 E-Soft Inc. All rights reserved.