Vigil@nce - PHP: heap overflow via Phar
April 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can provide a malicious Phar archive, in order to
create a heap overflow, leading to a denial of service or to code
execution.
Severity: 2/4
Creation date: 22/04/2011
IMPACTED PRODUCTS
– PHP
DESCRIPTION OF THE VULNERABILITY
The Phar (PHP Archive) extension is used to store a PHP project in
a single file.
When the size indicated in the Phar archive is 0xffffffff, the
phar_parse_tarfile() function in the ext/phar/tar.c file allocates
a memory area which is too small.
An attacker can therefore provide a malicious Phar archive, in
order to create a heap overflow, leading to a denial of service or
to code execution.
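Added example, not taken from the bulletin or from the PHP source: the bulletin does not give the arithmetic, so this sketch assumes the common pattern in which 1 is added to a 32-bit size read from the archive before allocating, which wraps to 0 for 0xffffffff. The function names and the sample data are hypothetical; the checked variant shows the validation a parser needs before allocating.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ASSUMPTION: the parser adds 1 (terminator) to a 32-bit size taken from the
 * archive before allocating. Returns the byte count that pattern requests. */
uint32_t unchecked_alloc_size(uint32_t declared_size)
{
    return (uint32_t)(declared_size + 1u);  /* 0xffffffff + 1 wraps to 0 */
}

/* Hardened form: refuse a size that would wrap or that exceeds the bytes
 * actually left in the archive. Returns 0 and sets *out on success. */
int checked_alloc_size(uint32_t declared_size, uint64_t bytes_left, size_t *out)
{
    if (declared_size == UINT32_MAX)
        return -1;
    if ((uint64_t)declared_size > bytes_left)
        return -1;
    *out = (size_t)declared_size + 1;
    return 0;
}

/* Hypothetical reader: copies declared_size bytes into a fresh, terminated buffer. */
char *read_field(const unsigned char *data, uint64_t bytes_left, uint32_t declared_size)
{
    size_t n;
    char *buf;
    if (checked_alloc_size(declared_size, bytes_left, &n) != 0)
        return NULL;
    buf = malloc(n);
    if (buf == NULL)
        return NULL;
    memcpy(buf, data, declared_size);
    buf[declared_size] = '\0';
    return buf;
}

int main(void)
{
    const unsigned char sample[] = "hello-constructed-data";  /* constructed input */
    char *ok = read_field(sample, sizeof sample, 5);
    printf("unchecked request for 0xffffffff: %u bytes\n",
           (unsigned)unchecked_alloc_size(0xffffffffu));
    printf("checked read of 5 bytes: %s\n", ok ? ok : "(rejected)");
    printf("checked read of 0xffffffff: %s\n",
           read_field(sample, sizeof sample, 0xffffffffu) ? "accepted" : "rejected");
    free(ok);
    return 0;
}
```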
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/PHP-heap-overflow-via-Phar-10598