Off-by-one error in the pharparsepharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
{ "vanir_signatures": [ { "deprecated": false, "target": { "file": "ext/phar/phar.c" }, "source": "https://github.com/php/php-src/commit/b28b8b2fee6dfa6fcd13305c581bb835689ac3be", "signature_type": "Line", "id": "CVE-2016-10160-8d672808", "signature_version": "v1", "digest": { "line_hashes": [ "261047710016479752139056947476062666898", "288684070520142348767897615574607424242", "112445893259989087932568962075639758748", "60755477067856805034010718087238629256", "249922762173586031901652948315750808437", "38755955305146916992902222194245576125", "250980629975730852784574285116812435575", "336350558396583384843201543601166535943" ], "threshold": 0.9 } } ] }