php: integer overflow leading to heap overflow when reading FTP file listing
An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code...
Internet Bug Bounty: Integer overflow in ftp_genlist() resulting in heap overflow
https://bugs.php.net/bug.php?id=69545 Description: The ftp_genlist function of the ftp extension is prone to an integer overflow, which may result in remote code execution. ext/ftp/ftp.c:ftp_genlist... 1826 size = 0; 1827 lines = 0; 1828 lastch = 0; 1829 while ((rcvd = my_recv(ftp, data->fd...