Description
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.
References (23)
... and 3 more
Scores
EPSS
0.0197
EPSS Percentile
83.6%
Details
CWE
CWE-134
Status
published
Products (46)
php/php
1.0
php/php
2.0
php/php
2.0b10
php/php
3.0
php/php
3.0.1
php/php
3.0.2
php/php
3.0.3
php/php
3.0.4
php/php
3.0.5
php/php
3.0.6
... and 36 more
Published
Mar 16, 2011
Tracked Since
Feb 18, 2026