Integer overflow in the pharparsepharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.
{ "vanir_signatures": [ { "deprecated": false, "target": { "file": "ext/phar/phar.c" }, "source": "https://github.com/php/php-src/commit/ca46d0acbce55019b970fcd4c1e8a10edfdded93", "signature_type": "Line", "id": "CVE-2016-10159-c6d30f0a", "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "121052452896400164276001498621023313905", "262168943274424758961694766712839997290", "35360108606078329448889142211054414706", "145313471589252137248472230406309010104", "314417463545681779499062229029939122698", "74004429412006798345526032305741375125", "36646184072252867127774558500130006594", "331527402370172640660609847974879528962" ] } } ] }