CVE-2008-3659
Published: 14 August 2008
Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.
Notes
| Author | Note |
|---|---|
| jdstrand | per Debian, php5 -d memory_limit=256M -r \
'$res = explode(str_repeat("A",145999999),1);'
(From upstream's ext/standard/tests/strings/explode_bug.phpt) |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
php4 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
php5 Launchpad, Ubuntu, Debian |
dapper |
Released
(5.1.2-1ubuntu3.13)
|
| feisty |
Ignored
(end of life, was needed)
|
|
| gutsy |
Released
(5.2.3-1ubuntu6.5)
|
|
| hardy |
Released
(5.2.4-2ubuntu5.5)
|
|
| intrepid |
Released
(5.2.6-2ubuntu4.1)
|
|
| jaunty |
Not vulnerable
(5.2.6.dfsg.1-3ubuntu2)
|
|
| karmic |
Not vulnerable
(5.2.6.dfsg.1-3ubuntu2)
|
|
| upstream |
Needs triage
|
|
|
Patches: vendor: http://www.debian.org/security/2008/dsa-1647 vendor: http://patch-tracking.debian.net/patch/series/view/php5/5.2.0-8+etch13/139-CVE-2008-3659.patch upstream: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_operators.h?r1=1.94.2.4.2.11&r2=1.94.2.4.2.12&view=patch upstream: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/strings/explode_bug.phpt?hideattic=1&r1=1.1&r2=1.1.2.1 |
||