6 matches found
php: integer overflow leading to heap overflow when reading FTP file listing
An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code...
php: integer overflow in ftp_genlist() resulting in heap overflow (improved fix for CVE-2015-4022)
Integer overflow in the ftpgenlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because ...
UBUNTU-CVE-2015-4022
Integer overflow in the ftpgenlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow...
Internet Bug Bounty: Integer overflow in ftp_genlist() resulting in heap overflow
https://bugs.php.net/bug.php?id=69545 Description: ------------ The ftpgenlist function of the ftp extension is prone to an integer overflow, which may result in remote code execution. ext/ftp/ftp.c:ftpgenlist... 1826 size = 0; 1827 lines = 0; 1828 lastch = 0; 1829 while rcvd = myrecvftp, data-fd...
Mandrake Security Advisory MDVSA-2009:167 (php)
The remote host is missing an update to php announced via advisory MDVSA-2009:167. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...
CRLF injection in PHP ftp function
We found that there was one crlf injection in php ftp ftuntion.As same as http,you can inject a 'rn other command' in the paramer of a ftp function like ftpmkdir,and then php would send the rn to your connected ftp server.The server considerd there is a new command,and the other command would be...