Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3659 to the following vulnerability:

Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.2 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.

References:
http://www.php.net/archive/2008.php#id2008-08-07-1
http://www.openwall.com/lists/oss-security/2008/08/13/8
http://www.openwall.com/lists/oss-security/2008/08/08/4
http://www.openwall.com/lists/oss-security/2008/08/08/3
http://www.openwall.com/lists/oss-security/2008/08/08/2
http://bugs.gentoo.org/show_bug.cgi?id=234102

Upstream patch with test case:
http://news.php.net/php.cvs/52002
Created attachment 314616
Reproducer from upstream CVS

http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/strings/explode_bug.phpt
*** This bug has been marked as a duplicate of bug 169857 ***