CVE-2011-1464

Priority
Medium
Description
Buffer overflow in the strval function in PHP before 5.3.6, when the
precision configuration option has a large value, might allow
context-dependent attackers to cause a denial of service (application
crash) via a small numerical value in the argument.
References
Bugs
Assigned-to
sbeattie
Package
Source: php5 (LP Ubuntu Debian)
Upstream: released (5.3.6)
Ubuntu 8.04 LTS (Hardy Heron): released (5.2.4-2ubuntu5.15)
Ubuntu 10.04 LTS (Lucid Lynx): released (5.3.2-1ubuntu4.8)
Ubuntu 11.04 (Natty Narwhal): released (5.3.5-1ubuntu7.1)
Ubuntu 11.10 (Oneiric Ocelot): not-affected (5.3.5-1ubuntu7.2)
Patches:
Upstream: http://svn.php.net/viewvc?view=revision&revision=308525
More Information

Updated: 2012-06-01 15:22:01 UTC (commit 5347)