Main Vulnerability Database Exploits ID:4479 - Exploit for Heap-based buffer overflow in PHP - CVE-2012-2386

ID:4479 - Exploit for Heap-based buffer overflow in PHP - CVE-2012-2386

Published: August 11, 2020

Vulnerability identifier: #VU43908

Vulnerability risk: Medium

CVE-ID: CVE-2012-2386

CWE-ID: CWE-122

Exploitation vector: Remote access

Vulnerable software:
PHP

Link to public exploit:

https://www.exploit-db.com/exploits/17201/

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4. A remote attacker can use a crafted tar file that triggers a heap-based buffer overflow. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

ID:4479 - Exploit for Heap-based buffer overflow in PHP - CVE-2012-2386

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human