2012-07-07 12:21:13 2012-09-22 05:32:57

Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Php Php 5.4.0 Beta2 (not an official CPE)