|Bugzilla:||823594: CVE-2012-2386 php: Integer overflow leading to heap-buffer overflow in the Phar extension|
The MITRE CVE dictionary describes this issue as:
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
This issue did not affect the version of php as shipped with Red Hat Enterprise Linux 5 as it did not include support for phar extension yet. This issue was addressed in php53 package for Red Hat Enterprise Linux 5 via RHSA-2012:1047 and in php package for Red Hat Enterprise Linux 6 via RHSA-2012:1046.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|Red Hat Enterprise Linux version 5 (php53)||RHSA-2012:1047||June 27, 2012|
|Red Hat Enterprise Linux version 6 (php)||RHSA-2012:1046||June 27, 2012|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.