BDU:2022-02621
PUBLISHED
CVSS 7.5 HIGH
Vulnerability in the phar_parse_tarfile function of the PHP programming language interpreter that allows an attacker to execute arbitrary code or cause a denial of service
Risk Scores
CVSS 2.0
7.5
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat Inc., Canonical Ltd., Free Software Community, PHP Group | Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, PHP | |
Timeline
- Apr 27, 2022 CVE Published
References
- http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html url
- http://git.php.net/?p=php-src.git;a=commit;h=158d8a6b088662ce9d31e0c777c6ebe90efdc854 url
- https://bugs.php.net/bug.php?id=61065 url
- http://www.php.net/ChangeLog-5.php url
- https://bugzilla.redhat.com/show_bug.cgi?id=823594 url
- http://openwall.com/lists/oss-security/2012/05/22/10 url
- http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html url
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html url
- http://support.apple.com/kb/HT5501 url
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2386.xml advisory
- https://ubuntu.com/security/CVE-2012-2386 advisory
- https://security-tracker.debian.org/tracker/CVE-2012-2386 advisory