News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Hardened-PHP Project:
Advisory - PHP unserialize() Array Creation Integer Overflow
October 09, 2006 @ 13:41:22

The Hardened-PHP project has just released another advisory about core PHP functionality, specifically in the unserialize function when dealing with arrays.

The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc() that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch.

It was discovered that such an integer overflow can be triggered when user input is passed to the unserialize() function.

You can get the full details from this advisory release including a recommendation to patch the installation until it is corrected in the current distribution.

0 comments voice your opinion now!
advisory unserialize core array creation integer overflow advisory unserialize core array creation integer overflow


blog comments powered by Disqus

Similar Posts

Ahmed Shreef's Blog: Soap Web Services in PHP & hint on consuming from .Net

Elliot Haughin's Blog: CodeIgniter 1.7.x, 'Core' 2.0, CodeIgniter Reactor, Bitbucket, Zips...

Hardened-PHP Project: Advisory - phpMyAdmin Multiple CSRF Vulnerabilities

Stubbles Blog: Two New PHP6 Wishlist Items

Hardened-PHP Project: PHP HTML Entity Encoder Heap Overflow Vulnerability


Community Events





Don't see your event here?
Let us know!


interview release developer refactor symfony2 laravel series testing framework language install configure introduction opinion code list podcast threedevsandamaybe unittest community

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework