CVE-2008-3659
CVE-2008-3659
Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://bugs.gentoo.org/show_bug.cgi?id=234102http://lists.apple.com/archives/security-announce/2009/May/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.htmlhttp://marc.info/?l=bugtraq&m=124654546101607&w=2http://marc.info/?l=bugtraq&m=125631037611762&w=2http://news.php.net/php.cvs/52002http://osvdb.org/47483http://secunia.com/advisories/31982http://secunia.com/advisories/32148http://secunia.com/advisories/32316http://secunia.com/advisories/32746