Red Hat Bugzilla – Bug 445002
CVE-2008-2050 php: stack based buffer overflow in FastCGI SAPI
Last modified: 2016-03-04 07:55:36 EST
From the PHP 5.2.6 changelog:
* Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei
The fix for this issue is here:
Affected code was introduced in PHP version 5.1.3:
[ ... ]
* Reimplemented FastCGI interface. (Dmitry)
There are two changes in the referenced patch:
1) the first appears to fix a case where an amount of uninitialized stack buffer
could be written to the FastCGI server.
2) the second appears to fix a buffer overflow which could be triggered by the
Since the FastCGI server is local trusted code and not under the control of an
attacker, I would say that these bugs do not have any impact on security.
This issue does not affect the version of PHP shipped in Red Hat Enterprise
Linux 2.1, 3, or 4.
We do not consider this issue to be a security flaw for Red Hat Enterprise
Linux 5 since no trust boundary is crossed.