CVE-2012-2386: Buffer Overflow
First published: Mon May 21 2012(Updated: )
An integer overflow, leading to heap-based buffer overflow was found in the way Phar extension of the PHP scripting language processed certain fields by manipulating TAR files. A remote attacker could provide a specially-crafted TAR archive file, which once processed in an PHP application using the Phar extension could lead to denial of service (application crash), or, potentially arbitary code execution with the privileges of the user running the application. References: [1] <a href="http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html">http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html</a> [2] <a href="http://secunia.com/advisories/44335">http://secunia.com/advisories/44335</a> Upstream bug (private): [3] <a href="https://bugs.php.net/bug.php?id=61065">https://bugs.php.net/bug.php?id=61065</a> CVE Request: [4] <a href="http://www.openwall.com/lists/oss-security/2012/05/20/5">http://www.openwall.com/lists/oss-security/2012/05/20/5</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP PHP | <=5.3.13 | |
| PHP PHP | >=5.4.0<5.4.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html
- http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=158d8a6b088662ce9d31e0c777c6ebe90efdc854
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html
- http://openwall.com/lists/oss-security/2012/05/22/10
- http://support.apple.com/kb/HT5501
- http://www.php.net/ChangeLog-5.php
- https://bugs.php.net/bug.php?id=61065
- https://bugzilla.redhat.com/show_bug.cgi?id=823594
- http://secunia.com/advisories/44335
- http://www.openwall.com/lists/oss-security/2012/05/20/5
- http://git.php.net/?p=php-src.git;a=commitdiff;h=a10e778bfb7ce9caa1f91666ddf2705db7982d68
- https://access.redhat.com/security/cve/CVE-2012-2386
- http://www.openwall.com/lists/oss-security/2012/05/22/10
- http://git.php.net/?p=php-src.git;a=commitdiff;h=158d8a6b088662ce9d31e0c777c6ebe90efdc854
- https://rhn.redhat.com/errata/RHSA-2012-1047.html
- https://rhn.redhat.com/errata/RHSA-2012-1046.html
- http://php.net/releases/5_3_0.php
- collector/nvd-index
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/event
- agent/description
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-2386
- vendor/php
- canonical/php php
- version/php php/5.3.13
- version/php php/5.4.0