PHP substr_compare information leak

PHP substr_compare information leak
Published:		10.03.2007
Source:		PHP-SECURITY
SecurityVulns ID:		7374
Type:		remote
Threat Level:		5/10
Description:		Integer overflow allows memory reading behind variable boundaries.

Affected:		PHP : PHP 5.2
CVE:		CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.)

Original document

Files: