PHP 'phar/tar.c' Heap Buffer Overflow Vulnerability (Windows) Network Vulnerability

Summary

This host is running PHP and is prone to heap buffer overflow vulnerability.

Impact

Successful exploitation could allow attackers to execute arbitrary code or cause a denial-of-service condition via specially crafted TAR file. Impact Level: System/Application

Solution

Upgrade to PHP 5.4.4 or 5.3.14 or later For updates refer to http://www.php.net/downloads.php

Insight

Flaw related to overflow in phar_parse_tarfile() function in ext/phar/tar.c in the phar extension.

Affected

PHP version before 5.3.14 and 5.4.x before 5.4.4

References

http://en.securitylab.ru/nvd/426726.php
http://osvdb.org/72399
http://secunia.com/advisories/cve_reference/CVE-2012-2386
http://www.php.net/ChangeLog-5.php

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2386
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Photoshop Multiple Buffer Overflow Vulnerabilities
Apple iTunes '.pls' Files Buffer Overflow Vulnerability
Citrix Provisioning Services SoapServer Buffer Overflow Vulnerability
ChaSen Buffer Overflow Vulnerability (Windows)
Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Windows)

Take action and discover your vulnerabilities