VYPR
Unrated severity · NVD Advisory · Published Jul 7, 2012 · Updated Jun 16, 2026

CVE-2012-2386

Description

Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.

Affected products

  • PHP/PHP (2 versions)
    • cpe:2.3:a:php:php:*:*:*:*:*:*:*:*, range: <=5.3.13
    • (no CPE), range: <5.3.14, <5.4.4
