Computer Security
[EN] securityvulns.ru no-pyccku


PHP msg_receive() integer overflow
Published:08.04.2007
Source:
SecurityVulns ID:7550
Type:library
Threat Level:
5/10
Description:Integer overflow with max_size parameter.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
CVE:CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff.)
 CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize.)
Original documentdocumentPHP-SECURITY, MOPB-43-2007:PHP msg_receive() Memory Allocation Integer Overflow Vulnerabilty (08.04.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod