Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4887 to the following vulnerability: The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.
The argument passed to the dl() function must always be under the control of the script author, so this is not treated as a security issue.
This problem was addressed in PHP 5.2.5, patches: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dl.c?r1=1.121&r2=1.122 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dl.h?r1=1.26&r2=1.27 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dl.c?r1=1.116&r2=1.117