PHP base64_encode Function Unspecified Overflow

2003-08-25T00:00:00
ID OSVDB:11667
Type osvdb
Reporter OSVDB
Modified 2003-08-25T00:00:00

Description

Vulnerability Description

PHP contains an issue that may allow an attacker to gain elevated privileges. The issue is due to the base64_encode function not properly sanitizing user-supplied input. By passing crafted data to the function, an attacker can trigger an integer overflow and possibly execute arbitrary code.

Solution Description

Upgrade to version 4.3.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://www.php.net/ChangeLog-4.php#4.3.3
Vendor Specific Advisory URL
Related OSVDB ID: 11668
ISS X-Force ID: 13292
CVE-2003-0861
Bugtraq ID: 8693