Bug 459569 - (CVE-2008-3659) CVE-2008-3659 php: buffer overflow in memnstr
Status: CLOSED DUPLICATE of bug 169857
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Assigned To: Red Hat Product Security
Whiteboard: source=internet,reported=20080807,pub...
Keywords: Security
Reported: 2008-08-20 05:28 EDT by Tomas Hoger
Modified: 2009-03-25 05:00 EDT

Doc Type: Bug Fix
Last Closed: 2009-03-25 05:00:23 EDT


Attachments
Reproducer from upstream CVS (103 bytes, text/plain)
2008-08-20 05:30 EDT, Tomas Hoger

Description Tomas Hoger 2008-08-20 05:28:05 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3659 to
the following vulnerability:

Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.2 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.

References:
http://www.php.net/archive/2008.php#id2008-08-07-1
http://www.openwall.com/lists/oss-security/2008/08/13/8
http://www.openwall.com/lists/oss-security/2008/08/08/4
http://www.openwall.com/lists/oss-security/2008/08/08/3
http://www.openwall.com/lists/oss-security/2008/08/08/2
http://bugs.gentoo.org/show_bug.cgi?id=234102

Upstream patch with test case:
http://news.php.net/php.cvs/52002
Comment 1 Tomas Hoger 2008-08-20 05:30:55 EDT
Created attachment 314616
Reproducer from upstream CVS

http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/strings/explode_bug.phpt
Comment 2 Tomas Hoger 2009-03-25 05:00:23 EDT

*** This bug has been marked as a duplicate of bug 169857 ***
