CVE-2012-2386: Buffer Overflow
First published: Mon May 21 2012(Updated: )
An integer overflow, leading to heap-based buffer overflow was found in the way Phar extension of the PHP scripting language processed certain fields by manipulating TAR files. A remote attacker could provide a specially-crafted TAR archive file, which once processed in an PHP application using the Phar extension could lead to denial of service (application crash), or, potentially arbitary code execution with the privileges of the user running the application. References: [1] <a href="http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html">http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html</a> [2] <a href="http://secunia.com/advisories/44335">http://secunia.com/advisories/44335</a> Upstream bug (private): [3] <a href="https://bugs.php.net/bug.php?id=61065">https://bugs.php.net/bug.php?id=61065</a> CVE Request: [4] <a href="http://www.openwall.com/lists/oss-security/2012/05/20/5">http://www.openwall.com/lists/oss-security/2012/05/20/5</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP | <=5.3.13 | |
| PHP | >=5.4.0<5.4.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html
- http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=158d8a6b088662ce9d31e0c777c6ebe90efdc854
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html
- http://openwall.com/lists/oss-security/2012/05/22/10
- http://support.apple.com/kb/HT5501
- http://www.php.net/ChangeLog-5.php
- https://bugs.php.net/bug.php?id=61065
- https://bugzilla.redhat.com/show_bug.cgi?id=823594
- http://secunia.com/advisories/44335
- http://www.openwall.com/lists/oss-security/2012/05/20/5
- http://git.php.net/?p=php-src.git;a=commitdiff;h=a10e778bfb7ce9caa1f91666ddf2705db7982d68
- https://access.redhat.com/security/cve/CVE-2012-2386
- http://www.openwall.com/lists/oss-security/2012/05/22/10
- http://git.php.net/?p=php-src.git;a=commitdiff;h=158d8a6b088662ce9d31e0c777c6ebe90efdc854
- https://rhn.redhat.com/errata/RHSA-2012-1047.html
- https://rhn.redhat.com/errata/RHSA-2012-1046.html
- http://php.net/releases/5_3_0.php
Frequently Asked Questions
What is the severity of CVE-2012-2386?
CVE-2012-2386 has a moderate severity rating due to the potential for remote code execution through a specially crafted TAR file.
How do I fix CVE-2012-2386?
To fix CVE-2012-2386, upgrade to PHP version 5.3.13 or later, or to versions 5.4.4 or above.
Who is affected by CVE-2012-2386?
CVE-2012-2386 affects PHP versions up to 5.3.13 and versions between 5.4.0 and 5.4.4.
Can CVE-2012-2386 be exploited remotely?
Yes, CVE-2012-2386 can be exploited remotely by attackers supplying malicious TAR archive files to vulnerable PHP applications.
What type of vulnerability is CVE-2012-2386?
CVE-2012-2386 is categorized as an integer overflow vulnerability leading to a heap-based buffer overflow.
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-2386
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/php
- canonical/php
- version/php/5.3.13
- version/php/5.4.0