Computer Security
[EN] securityvulns.ru no-pyccku


PHP unserialize() function information leak
Published:25.03.2007
Source:
SecurityVulns ID:7472
Type:library
Threat Level:
5/10
Description:Uninitiailized memory fragment is returned on "S:" string.
Affected:PHP : PHP 5.2
CVE:CVE-2007-1649 (PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.)
Original documentdocumentPHP-SECURITY, MOPB-29-2007:PHP 5.2.1 unserialize() Information Leak Vulnerability (25.03.2007)
Files:PHP 5.2.1 unserialize() Information Leak Vulnerability

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod