CVE-2008-3659
Published: 14 August 2008
Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.
Notes
Author | Note |
---|---|
jdstrand | per Debian, php5 -d memory_limit=256M -r \ '$res = explode(str_repeat("A",145999999),1);' (From upstream's ext/standard/tests/strings/explode_bug.phpt) |
Priority
Status
Package | Release | Status |
---|---|---|
php4 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
php5 Launchpad, Ubuntu, Debian |
dapper |
Released
(5.1.2-1ubuntu3.13)
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Released
(5.2.3-1ubuntu6.5)
|
|
hardy |
Released
(5.2.4-2ubuntu5.5)
|
|
intrepid |
Released
(5.2.6-2ubuntu4.1)
|
|
jaunty |
Not vulnerable
(5.2.6.dfsg.1-3ubuntu2)
|
|
karmic |
Not vulnerable
(5.2.6.dfsg.1-3ubuntu2)
|
|
upstream |
Needs triage
|
|
Patches: vendor: http://www.debian.org/security/2008/dsa-1647 vendor: http://patch-tracking.debian.net/patch/series/view/php5/5.2.0-8+etch13/139-CVE-2008-3659.patch upstream: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_operators.h?r1=1.94.2.4.2.11&r2=1.94.2.4.2.12&view=patch upstream: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/strings/explode_bug.phpt?hideattic=1&r1=1.1&r2=1.1.2.1 |