Manhluat

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 7.0.4 **Description** The issue is related to an integer overflow in the `str pad` function, which can cause a heap-based buffer overflow when a long string is used. This can allow a remote attacker to cause a denial of service or possibly have other unspecified impacts. **Recommendations** For PHP versions prior to 7.0.4, update to version 7.0.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `str pad` function with long strings until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 7.0.4 **Description** The issue is related to an integer overflow in the `php filter encode url` function, which can cause a heap-based buffer overflow. This can lead to a denial of service or possibly have other unspecified impacts when a remote attacker sends a long string. **Recommendations** For PHP versions prior to 7.0.4, update to version 7.0.4 or later to resolve the issue. As a temporary workaround, consider restricting the input length to the `php filter encode url` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 7.0.4 **Description** The issue is related to an integer overflow in the `xml utf8 encode` function, which can cause a heap-based buffer overflow. This can be triggered by a remote attacker using a long argument to the `utf8 encode` function, potentially leading to a denial of service or other unspecified impacts. **Recommendations** For PHP versions prior to 7.0.4, update to version 7.0.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `utf8 encode` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.32 PHP versions 5.6.x prior to 5.6.18 PHP versions 7.x prior to 7.0.3 **Description** The issue is caused by a buffer overflow in the ext/phar/phar object.c function of the PHP interpreter. This can be exploited by a remote attacker using a specially crafted TAR, ZIP, or PHAR archive, potentially leading to a denial of service (heap memory corruption) or other unspecified impacts. **Recommendations** For PHP versions prior to 5.5.32, update to version 5.5.32 or later. For PHP versions 5.6.x prior to 5.6.18, update to version 5.6.18 or later. For PHP versions 7.x prior to 7.0.3, update to version 7.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.6.18 PHP versions 7.x prior to 7.0.3 **Description** The issue is related to the `phar make dirstream` function, which mishandles zero-size ././@LongLink files in crafted TAR archives. This can be exploited by remote attackers to cause a denial of service due to an uninitialized pointer dereference, or possibly have other unspecified impacts. **Recommendations** For PHP versions prior to 5.6.18, update to version 5.6.18 or later. For PHP versions 7.x prior to 7.0.3, update to version 7.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.4.44 PHP versions 5.5.x prior to 5.5.28 PHP versions 5.6.x prior to 5.6.12 PHP versions 7.x prior to 7.0.4 **Description** The issue allows remote attackers to obtain sensitive information from process memory or cause a denial of service. This is related to the `SoapClient:: call` method and is caused by insufficient input validation in the `make http soap request` function, allowing exploitation through crafted serialized ` cookies` data. **Recommendations** For PHP versions prior to 5.4.44, update to version 5.4.44 or later. For PHP versions 5.5.x prior to 5.5.28, update to version 5.5.28 or later. For PHP versions 5.6.x prior to 5.6.12, update to version 5.6.12 or later. For PHP versions 7.x prior to 7.0.4, update to version 7.0.4 or later.