Information Security


Buffer overflow in the PHP sqlite_udf_decode_binary() function
Published: April 8, 2007
Source:
SecurityVulns ID: 7548
Type: library
Severity level: 5/10
Description: Buffer overflow on a string consisting of the single character \0x01
Affected products: PHP : PHP 4.4
 PHP : PHP 5.2
CVE: CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.)
 CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.)
Original text: PHP-SECURITY, MOPB-41-2007: PHP 5 sqlite_udf_decode_binary() Buffer Overflow Vulnerability (08.04.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod