News Feed
Jobs Feed
Sections




News Archive
Hardened-PHP Project:
Advisory - PHP unserialize() Array Creation Integer Overflow
by Chris Cornutt October 09, 2006 @ 13:41:22

The Hardened-PHP project has just released another advisory about core PHP functionality, specifically in the unserialize function when dealing with arrays.

The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc() that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch.

It was discovered that such an integer overflow can be triggered when user input is passed to the unserialize() function.

You can get the full details from this advisory release including a recommendation to patch the installation until it is corrected in the current distribution.

0 comments voice your opinion now!
advisory unserialize core array creation integer overflow advisory unserialize core array creation integer overflow


blog comments powered by Disqus

Similar Posts

Harry Roberts' Blog: Manipulating PHP arrays with SQL

Johannes Schluter's Blog: Features in PHP trunk: Array dereferencing

Sameer Borate's Blog: Finding if an array is ordered

PHPBuilder.com: 10 PHP Tricks for Associative Array Manipulation

NETTUTS.com: How to Create a Wordpress Theme from Scratch: Part 2


 Community Events











Don't see your event here?
Let us know!

release interview opinion code testing zendframework2 phpunit framework development database language composer example series unittest community podcast api introduction functional

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework