CVE-2012-2386

Priority
Medium
Description
Integer overflow in the phar_parse_tarfile function in tar.c in the phar
extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a crafted tar file that triggers a heap-based
buffer overflow.
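Worked example of the bug class the description names, added here as an illustration; it is not code from PHP's ext/phar/tar.c and does not reproduce the exact defect fixed by the upstream commits listed below. It assumes a POSIX/ustar header whose size field is 12 bytes of ASCII octal, and models the weak pattern (accumulating that field into a 32-bit integer with no overflow or character checks) beside a checked parser and an overflow-safe bounds check on the entry's position in the archive. The function names, the 10240-byte archive length and the two sample size fields are constructed for the example.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAR_BLOCK      512   /* tar archives are read in 512-byte blocks */
#define TAR_SIZE_FIELD 12    /* ustar size field: 11 octal digits + terminator */

/* Unchecked parser (the weak pattern): no character validation and a
 * 32-bit accumulator, so a value above 2^32-1 wraps silently. An
 * 11-digit octal field can encode up to 8^11-1 (about 2^33), so an
 * attacker controlling the header can always make it wrap. */
static uint32_t tar_number_unchecked(const char *field, size_t len)
{
    uint32_t val = 0;
    for (size_t i = 0; i < len && field[i] != '\0' && field[i] != ' '; i++)
        val = val * 8 + (uint32_t)(field[i] - '0');
    return val;
}

/* Checked parser: accepts only octal digits, refuses an empty field and
 * refuses to wrap. Returns false on any malformed or overlong value. */
static bool tar_number_checked(const char *field, size_t len, uint64_t *out)
{
    uint64_t val = 0;
    size_t i = 0;
    while (i < len && field[i] == ' ')          /* some writers left-pad */
        i++;
    if (i == len || field[i] == '\0')
        return false;
    for (; i < len && field[i] != '\0' && field[i] != ' '; i++) {
        if (field[i] < '0' || field[i] > '7')
            return false;
        uint64_t digit = (uint64_t)(field[i] - '0');
        if (val > (UINT64_MAX - digit) / 8)     /* val*8+digit would wrap */
            return false;
        val = val * 8 + digit;
    }
    *out = val;
    return true;
}

/* Offset of the header that follows an entry whose body starts at
 * data_pos and is `size` bytes long, in an archive of archive_len bytes.
 * Every comparison is arranged so it cannot overflow; returns false when
 * the body or its block padding would extend past the end of the archive. */
static bool tar_next_header(uint64_t data_pos, uint64_t size,
                            uint64_t archive_len, uint64_t *next)
{
    if (data_pos > archive_len || size > archive_len - data_pos)
        return false;
    uint64_t pad = (TAR_BLOCK - size % TAR_BLOCK) % TAR_BLOCK;
    if (pad > archive_len - data_pos - size)
        return false;
    *next = data_pos + size + pad;
    return true;
}

/* True when a buffer sized from the wrapped 32-bit value (plus one for a
 * terminator, as many parsers add) would be smaller than the byte count
 * the header actually declares: the precondition for a heap overflow when
 * the entry body is later copied into that buffer. */
static bool alloc_would_be_undersized(const char *size_field)
{
    uint64_t declared;
    if (!tar_number_checked(size_field, TAR_SIZE_FIELD, &declared))
        return false;                           /* malformed: rejected anyway */
    uint64_t alloc = (uint64_t)tar_number_unchecked(size_field, TAR_SIZE_FIELD) + 1;
    return alloc < declared;
}

int main(void)
{
    /* Constructed size fields: octal 40000000144 = 2^32 + 100 bytes,
     * and a sane octal 644 = 420 bytes. */
    static const char evil[TAR_SIZE_FIELD] = "40000000144";
    static const char sane[TAR_SIZE_FIELD] = "00000000644 ";
    uint64_t declared = 0, next = 0;

    printf("unchecked parse of evil field: %" PRIu32 "\n",
           tar_number_unchecked(evil, TAR_SIZE_FIELD));
    if (tar_number_checked(evil, TAR_SIZE_FIELD, &declared))
        printf("checked parse of evil field:   %" PRIu64 "\n", declared);
    printf("allocation undersized: %s\n",
           alloc_would_be_undersized(evil) ? "yes" : "no");
    printf("evil entry fits a 10240-byte archive: %s\n",
           tar_next_header(TAR_BLOCK, declared, 10240, &next) ? "yes" : "no");
    if (tar_number_checked(sane, TAR_SIZE_FIELD, &declared) &&
        tar_next_header(TAR_BLOCK, declared, 10240, &next))
        printf("sane entry: next header at offset %" PRIu64 "\n", next);
    return 0;
}
```

The point of the two parsers side by side is that the wrapped value looks entirely plausible (100 bytes) and passes any later check done on it, so the only place the 2^32 + 100 can be caught is at the parse itself or by comparing against what remains of the archive before any allocation or seek is derived from it.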
References
Bugs
Assigned-to
mdeslaur
Package
Source: php5 (LP Ubuntu Debian)
Upstream: released (5.4.4~rc1-1)
Ubuntu 8.04 LTS (Hardy Heron): not-affected (code not present)
Ubuntu 10.04 LTS (Lucid Lynx): released (5.3.2-1ubuntu4.17)
Ubuntu 11.04 (Natty Narwhal): released (5.3.5-1ubuntu7.10)
Ubuntu 11.10 (Oneiric Ocelot): released (5.3.6-13ubuntu3.8)
Ubuntu 12.04 LTS (Precise Pangolin): released (5.3.10-1ubuntu3.2)
Ubuntu 12.10 (Quantal Quetzal): not-affected (5.4.4-1ubuntu1)
Patches:
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=a10e778bfb7ce9caa1f91666ddf2705db7982d68
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=158d8a6b088662ce9d31e0c777c6ebe90efdc854 (related)
Vendor: http://www.debian.org/security/2012/dsa-2492
More Information

Updated: 2012-07-11 15:14:26 UTC (commit 5497)