Red Hat Bugzilla – Bug 688378
CVE-2011-1153 php: several format string vulnerabilities in PHP's Phar extension
Last modified: 2015-06-01 10:36:15 EDT
Several format string flaws were found in PHP's Phar extension  that could be used to leak some parts of memory via error messages. These have been corrected in upstream svn . The Phar extension is part of PHP since 5.3.0.
This is demonstrated with the following:
$x = new PharData('a.php');
% php phar.php
PHP Fatal error: Uncaught exception 'PharException' with message 'unable to open phar for reading "00000000.00000008.00000000.bffb3624.081ef712"' in /tmp/tests/phar.php:4
#0 /tmp/tests/phar.php(4): PharData::loadPhar('%08x.%08x.%08x....')
thrown in /tmp/tests/phar.php on line 4
I'm not very familiar with these phar archives, but I suspect these would not be something a user could just upload (or a normal site would allow to be uploaded and then loaded), so I believe this flaw is probably more of a local flaw, than a remote flaw.
Red Hat does not consider this flaw to be a security issue. It is improbable that a script would accept untrusted user input or unvalidated script input data as a PHAR archive file name to load. The file name passed to the PHAR-handling functions is therefore under the full control of the script author and no trust boundary is crossed.