CVE-2016-3142
EUVD-2016-419431.03.2016, 16:59
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| php | php | 𝑥 ≤ 5.5.32 |
| php | php | 5.6.0 |
| php | php | 5.6.1 |
| php | php | 5.6.2 |
| php | php | 5.6.3 |
| php | php | 5.6.4 |
| php | php | 5.6.5 |
| php | php | 5.6.6 |
| php | php | 5.6.7 |
| php | php | 5.6.8 |
| php | php | 5.6.9 |
| php | php | 5.6.10 |
| php | php | 5.6.11 |
| php | php | 5.6.12 |
| php | php | 5.6.13 |
| php | php | 5.6.14 |
| php | php | 5.6.15 |
| php | php | 5.6.16 |
| php | php | 5.6.17 |
| php | php | 5.6.18 |
| apple | mac_os_x | 𝑥 ≤ 10.11.4 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
References