cbcvebase.
CVE-2012-2386
published 2012-07-07

CVE-2012-2386: Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause…

PriorityP359high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
42.48%
98.5th percentile
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.

Affected

2 ranges
VendorProductVersion rangeFixed in
phpphp<= 5.3.13
phpphp>= 5.4.0 < 5.4.45.4.4

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
vendor_ubuntu5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.