Your submission was sent successfully! Close

CVE-2012-2386

Published: 22 May 2012

Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.

Priority

Medium

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
hardy Not vulnerable
(code not present)
lucid
Released (5.3.2-1ubuntu4.17)
natty
Released (5.3.5-1ubuntu7.10)
oneiric
Released (5.3.6-13ubuntu3.8)
precise
Released (5.3.10-1ubuntu3.2)
upstream
Released (5.4.4~rc1-1)