CVE-2019-9675
An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible.
| Software | From | Fixed in |
|---|---|---|
| php / php | 7.3.0 | 7.3.3 |
| php / php | 7.0.0 | 7.1.27 |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| canonical / ubuntu_linux | 12.04 | 12.04.x |
| opensuse / leap | 42.3 | 42.3.x |
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html
- http://php.net/ChangeLog-7.php
- https://bugs.php.net/bug.php?id=77586
- https://usn.ubuntu.com/3922-2/
- https://usn.ubuntu.com/3922-3/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime