CVE-2012-2386
Published 2012-07-07
Priority P3 · 59 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 42.48% (98.5th percentile)
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | <= 5.3.13 | — |
| php | php | >= 5.4.0 < 5.4.4 | 5.4.4 |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 7.5 HIGH
vendor_ubuntu · 5.0 MEDIUM
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2012-06-19·CVSS 5.0
CVE-2012-0781 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
It was discovered that PHP incorrectly handled certain Tidy::diagnose
operations on invalid objects. A remote attacker could use this flaw to
cause PHP to crash, leading to a denial of service. (CVE-2012-0781)
It was discovered that PHP incorrectly handled certain multi-file upload
filenames. A remote attacker could use this flaw to cause a denial of
service, or to perform a directory traversal attack. (CVE-2012-1172)
Rubin Xu and Joseph Bonneau discovered that PHP incorrectly handled certain
Unicode characters in passwords passed to the crypt() function. A remote
attacker could possibly use this flaw to bypass authentication.
(CVE-2012-2143)
It was discovered that a Debian/Ubuntu specific patch caused PHP
Red Hat
php: Integer overflow leading to heap-buffer overflow in the Phar extension
vendor_redhat·2012-05-21·CVSS 7.5
CVE-2012-2386 [HIGH] CWE-190 php: Integer overflow leading to heap-buffer overflow in the Phar extension
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
Statement: This issue did not affect the version of php as shipped with Red Hat Enterprise Linux 5 as it did not include support for phar extension yet. This issue was addressed in php53 package for Red Hat Enterprise Linux 5 via RHSA-2012:1047 and in php package for Red Hat Enterprise Linux 6 via RHSA-2012:1046.
Package: php (Red Hat Enterprise Linux 5) - Not affected
GHSA
GHSA-479m-5qr8-x9r6: Integer overflow in the phar_parse_tarfile function in tar
ghsa_unreviewed·2022-05-17
CVE-2012-2386 [HIGH] GHSA-479m-5qr8-x9r6: Integer overflow in the phar_parse_tarfile function in tar
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
No detection rules found.
Bugzilla
CVE-2012-2386 php: Integer overflow leading to heap-buffer overflow in the Phar extension
bugzilla·2012-05-21·CVSS 7.5
CVE-2012-2386 [HIGH] CVE-2012-2386 php: Integer overflow leading to heap-buffer overflow in the Phar extension
An integer overflow, leading to heap-based buffer overflow, was found in the way Phar extension of the PHP scripting language processed certain fields by manipulating TAR files. A remote attacker could provide a specially-crafted TAR archive file, which once processed in a PHP application using the Phar extension could lead to denial of service (application crash), or, potentially arbitrary code execution with the privileges of the user running the application.
References:
[1] http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html
[2] http://secunia.com/advisories/44335
Upstream bug (private):
[3] https://bugs.php.net/bug.php?id=61065
CVE Request:
[4] http://www.openwall.com/list
arXiv
LLM-Enhanced Software Patch Localization
arxiv_fulltext·2024-09-13
Authors: Jinhong Yu [1], Yi Chen [2,3], Di Tang [2], Xiaozhong Liu [1], XiaoFeng Wang [2], Chen Wu [4], Haixu Tang [2]
Affiliations: [1] Worcester Polytechnic Institute; [2] Indiana University Bloomington; [3] The University of Hong Kong; [4] Microsoft
## Abstract
Open source software (OSS) is integral to modern product development, and any vulnerability within it potentially compromises numerous products. While developers strive to apply security patches, pinpointing these patches among extensive OSS updates remains a challenge. Security patch localization (SPL) recommendation methods are leading approaches to address this. However, existing SPL models often falter when a commit lacks a clear association with its corresponding CVE, and do not consider a scenario that a vulnerability has
http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=158d8a6b088662ce9d31e0c777c6ebe90efdc854
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html
http://openwall.com/lists/oss-security/2012/05/22/10
http://support.apple.com/kb/HT5501
http://www.php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=61065
https://bugzilla.redhat.com/show_bug.cgi?id=823594