PHP 'phar.c' Heap Based Buffer Overflow Vulnerability
BID:106317
Info
| Bugtraq ID: | 106317 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 03 2018 12:00AM |
| Updated: | Dec 03 2018 12:00AM |
| Credit: | cyoung |
| Vulnerable: | PHP PHP 7.2.12 |
| Not Vulnerable: | |
Discussion
PHP is prone to a heap-based buffer-overflow vulnerability.
Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.
PHP 7.2.12 is vulnerable; other versions may also be affected.
Exploit / POC
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References: