PHP 'phar/tar.c' Heap Buffer Overflow Vulnerability (Windows) Network Vulnerability

Summary

This host is running PHP and is prone to heap buffer overflow vulnerability.

Impact

Successful exploitation could allow attackers to execute arbitrary code or cause a denial-of-service condition via specially crafted TAR file. Impact Level: System/Application

Solution

Upgrade to PHP 5.4.4 or 5.3.14 or later For updates refer to http://www.php.net/downloads.php

Insight

Flaw related to overflow in phar_parse_tarfile() function in ext/phar/tar.c in the phar extension.

Affected

PHP version before 5.3.14 and 5.4.x before 5.4.4

References

http://en.securitylab.ru/nvd/426726.php
http://osvdb.org/72399
http://secunia.com/advisories/cve_reference/CVE-2012-2386
http://www.php.net/ChangeLog-5.php

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2386

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Blazevideo HDTV Player PLF File Buffer Overflow Vulnerability
ChaSen Buffer Overflow Vulnerability (Windows)
Amarok Player Multiple Vulnerabilities
Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Windows)
Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Mac OS X)

Take action and discover your vulnerabilities