In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-10T14:00:00

Updated: 2024-08-05T17:57:57.974Z

Reserved: 2017-07-10T00:00:00

Link: CVE-2017-11147

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-07-10T14:29:00.697

Modified: 2023-11-07T02:38:10.753

Link: CVE-2017-11147

cve-icon Redhat

Severity : Moderate

Publid Date: 2016-12-17T00:00:00Z

Links: CVE-2017-11147 - Bugzilla