213732 – (CVE-2006-5465) CVE-2006-5465 PHP buffer overflow

Bug 213732 (CVE-2006-5465) - CVE-2006-5465 PHP buffer overflow

Summary: CVE-2006-5465 PHP buffer overflow

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2006-5465
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Joe Orton
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Depends On:	213543
Blocks:
TreeView+	depends on / blocked

Reported:	2006-11-02 19:02 UTC by Josh Bressers
Modified:	2021-11-12 19:35 UTC (History)
CC List:	1 user (show)
Fixed In Version:	php-5.1.6-3.1.fc6
Clone Of:
Environment:
Last Closed:	2007-01-31 17:43:34 UTC
Embargoed:

Attachments	(Terms of Use)

Description Josh Bressers 2006-11-02 19:02:57 UTC

+++ This bug was initially created as a clone of Bug #213543 +++

Stefan Esser told vendor-sec about a buffer overflow in PHP's
htmlentities/htmlspecialchars internal routines.  These flaws are triggered when
handling utf-8 data.  The danger in this flaw is that these functions are
usually passed user input.

The patch for this issue can be found here:
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.2&r2=1.111.2.2.2.3

-- Additional comment from bressers on 2006-11-02 13:39 EST --
This issue is public:
http://secunia.com/advisories/22653/


This issue should also affect FC5

Comment 1 Fedora Update System 2006-11-06 15:56:05 UTC

php-5.1.6-1.2 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 2 Fedora Update System 2006-11-06 15:56:50 UTC

php-5.1.6-3.1.fc6 has been pushed for fc6, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.