Back to search
CVE-2008-3659
Published: Aug 15, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1020995
vdb-entry
x_refsource_SECTRACK
32746
third-party-advisory
x_refsource_SECUNIA
HPSBUX02465
vendor-advisory
x_refsource_HP
http://support.apple.com/kb/HT3549
x_refsource_CONFIRM
GLSA-200811-05
vendor-advisory
x_refsource_GENTOO
SSRT090085
vendor-advisory
x_refsource_HP
31982
third-party-advisory
x_refsource_SECUNIA
MDVSA-2009:024
vendor-advisory
x_refsource_MANDRIVA
47483
vdb-entry
x_refsource_OSVDB
http://wiki.rpath.com/Advisories:rPSA-2009-0035
x_refsource_CONFIRM
35074
third-party-advisory
x_refsource_SECUNIA
SSRT090192
vendor-advisory
x_refsource_HP
32148
third-party-advisory
x_refsource_SECUNIA
APPLE-SA-2009-05-12
vendor-advisory
x_refsource_APPLE
[oss-security] 20080808 CVE request: php-5.2.6 overflow issues
mailing-list
x_refsource_MLIST
SUSE-SR:2008:018
vendor-advisory
x_refsource_SUSE
SUSE-SR:2008:021
vendor-advisory
x_refsource_SUSE
MDVSA-2009:023
vendor-advisory
x_refsource_MANDRIVA
MDVSA-2009:022
vendor-advisory
x_refsource_MANDRIVA
php-memnstr-bo(44405)
vdb-entry
x_refsource_XF
TA09-133A
third-party-advisory
x_refsource_CERT
[oss-security] 20080813 Re: CVE request: php-5.2.6 overflow issues
mailing-list
x_refsource_MLIST
ADV-2009-1297
vdb-entry
x_refsource_VUPEN
http://bugs.gentoo.org/show_bug.cgi?id=234102
x_refsource_CONFIRM
MDVSA-2009:021
vendor-advisory
x_refsource_MANDRIVA
HPSBUX02431
vendor-advisory
x_refsource_HP
[oss-security] 20080808 Re: CVE request: php-5.2.6 overflow issues
mailing-list
x_refsource_MLIST
DSA-1647
vendor-advisory
x_refsource_DEBIAN
ADV-2008-2336
vdb-entry
x_refsource_VUPEN
[oss-security] 20080808 Re: CVE request: php-5.2.6 overflow issues
mailing-list
x_refsource_MLIST
http://www.php.net/archive/2008.php#id2008-08-07-1
x_refsource_CONFIRM
http://news.php.net/php.cvs/52002
x_refsource_CONFIRM
35650
third-party-advisory
x_refsource_SECUNIA
32316
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now