FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- integer overflow vulnerability

Affected packages
php5 < 5.2.6

Details

VuXML ID f6377f08-12a7-11dd-bab7-0016179b2dd5
Discovery 2008-03-21
Entry 2008-04-25
Modified 2008-05-02

CVE reports:

Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions).

[source]

References

Bugtraq ID 28392
CVE Name CVE-2008-1384
URL http://securityreason.com/achievement_securityalert/52

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.