Описание
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 5.4.4-1ubuntu1 |
| hardy | not-affected | code not present |
| lucid | released | 5.3.2-1ubuntu4.17 |
| natty | released | 5.3.5-1ubuntu7.10 |
| oneiric | released | 5.3.6-13ubuntu3.8 |
| precise | released | 5.3.10-1ubuntu3.2 |
| upstream | released | 5.4.4~rc1-1 |
Показывать по
EPSS
7.5 High
CVSS2
Связанные уязвимости
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
Integer overflow in the phar_parse_tarfile function in tar.c in the ph ...
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
Уязвимость функции phar_parse_tarfile интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
EPSS
7.5 High
CVSS2