News Feed
Jobs Feed
Sections




News Archive
Hardened-PHP Project:
Advisory - PHP unserialize() Array Creation Integer Overflow
by Chris Cornutt October 09, 2006 @ 13:41:22

The Hardened-PHP project has just released another advisory about core PHP functionality, specifically in the unserialize function when dealing with arrays.

The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc() that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch.

It was discovered that such an integer overflow can be triggered when user input is passed to the unserialize() function.

You can get the full details from this advisory release including a recommendation to patch the installation until it is corrected in the current distribution.

0 comments voice your opinion now!
advisory unserialize core array creation integer overflow advisory unserialize core array creation integer overflow


blog comments powered by Disqus

Similar Posts

Blue Parabola Blog: The SPL Deserves Some Reiteration

ITJungle.com: System i PHP Drive Going Strong, Zend Says

DevShed: User-defined Interfaces in PHP 5 - Introduction to Core Concepts

Zend Developer Zone: Case Study w/ Zend Core for IBM with DB2 9 - 10k Active DB Connections

Robert Bolton's Blog: Setting up Fedora Core 5 for Zend Framework


 Community Events











Don't see your event here?
Let us know!

functional release introduction community zendframework2 usergroup symfony2 language podcast conference framework rest opinion series interview database development phpunit example testing

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework