Lucene search

K
prion
PRIOn knowledge basePRION:CVE-2012-2386
HistoryJul 07, 2012 - 10:21 a.m.

Integer overflow

2012-07-0710:21:00
PRIOn knowledge base
www.prio-n.com

8.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.085 Low

EPSS

Percentile

94.2%

Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.

CPENameOperatorVersion
phple5.3.13
phpge5.4.0
phplt5.4.4
How to protect your server from attacks?

8.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.085 Low

EPSS

Percentile

94.2%

Related for PRION:CVE-2012-2386