FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- integer overflow vulnerability

Affected packages
php5 < 5.2.6

Details

VuXML ID f6377f08-12a7-11dd-bab7-0016179b2dd5
Discovery 2008-03-21
Entry 2008-04-25
Modified 2008-05-02

CVE reports:

Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions).

References

Bugtraq ID 28392
CVE Name CVE-2008-1384
URL http://securityreason.com/achievement_securityalert/52