Computer Security


Buffer overflow in PHP sqlite_udf_decode_binary() function
Published: 08.04.2007
Source:
SecurityVulns ID: 7548
Type: library
Threat Level: 5/10
Description: Buffer overflow on a string consisting of a single 0x01 character.
Affected: PHP : PHP 4.4
 PHP : PHP 5.2
CVE: CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.)
 CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.)
Original document: PHP-SECURITY, MOPB-41-2007: PHP 5 sqlite_udf_decode_binary() Buffer Overflow Vulnerability (08.04.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod