php
Page content
- Author: voroskoi
- Vulnerable: 5.1.6-2siwenna1
- Unaffected: 5.1.6-3siwenna1
Some vulnerabilities have been reported in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerabilities are caused due to boundary errors within the “htmlentities()” and “htmlspecialchars()” functions. If a PHP application uses these functions to process user-supplied input, this can be exploited to cause a heap-based buffer overflow by passing specially crafted data to the affected application. Successful exploitation may allow execution of arbitrary code, but requires that the UTF-8 character set is selected.
- Bug Tracker URL: http://bugs.frugalware.org/task/1419