PHPDeveloper.org: Hardened-PHP Project: Advisory - PHP unserialize() Array Creation Integer Overflow

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: TEKSystems (Recruiter) Seeks PHP Web Application Developers (Tampa, FL)

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

Job Posting: Project People Ltd (Recruiter) Seeks PHP Developer (Paris, France)

Job Posting: Snelling (Recruiter) Seeks Web Programmer (Boston, MA)

Job Posting: Veedow Seeks Senior PHP Developer/Architect (London, UK)

Job Posting: Apex Systems (Recruiter) Seeks PHP Web Developers (Tampa, FL)

Job Posting: WordStream Seeks Web Application Developer (Needham, MA)

Job Posting: JS Creative Seeks Web Developer (Atlanta, GA)

Job Posting: Kodak Graphic Communications Group Seeks PHP Application Developer (Stamford, CT)

News Archive

DevShed: Authentication Scripts for a User Management Application

Community News: PHP Advent 2008

Ibuildings Blog: Zend_Paginator: First Impressions

Community News: Latest PECL Releases for 12.02.2008

Till's Blog: ZendFramework (performance) II

Sebastian Bergmann's Blog: Freezing and Thawing PHP Objects

Jani Hartikainen's Blog: NetBeans 6.5 review (with PHP support)

Rob Allen's Blog: File uploads with Zend_Form_Element_File

PHPro.org: Calculate Friday The 13th With Datetime Class

Marco Tabini's Blog: It turns out, I was wrong

Hardened-PHP Project:
Advisory - PHP unserialize() Array Creation Integer Overflow

by Chris Cornutt October 09, 2006 @ 13:41:22

The Hardened-PHP project has just released another advisory about core PHP functionality, specifically in the unserialize function when dealing with arrays.

The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc() that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch.

It was discovered that such an integer overflow can be triggered when user input is passed to the unserialize() function.

You can get the full details from this advisory release including a recommendation to patch the installation until it is corrected in the current distribution.

0 comments voice your opinion now!
advisory unserialize core array creation integer overflow advisory unserialize core array creation integer overflow

Similar Posts

Felix Geisendorfer's Blog: Model::save() now returns an array!

Secunia.com: PHP Integer Overflow Vulnerability and Security Bypass

Advisory: Gentoo Linux PHP Package Upgrade

MySQL Performance Blog: Integers in PHP, running with scissors, and portability

Hardened-PHP Project: Advisory - PHP unserialize() Array Creation Integer Overflow

Community Events

Don't see your event here?
Let us know!

All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework