php5. 2. 3 remote CGI buffer overflow vulnerability-vulnerability warning-the black bar safety net

yuange Affected versions: php5. 2. 3 Does not affect the version: other version php5. 2. 3 in processing the CGI of the time, due to a programming error, missing parentheses, and wrong calculation of string length, resulting in a heap buffer overflow and possible remote execution of arbitrary cod...

php5.2.3远程CGI缓冲溢出漏洞

php5.2.3在处理CGI的时候，由于一编程错误（缺少括号），错误计算一字符串长度，导致堆缓冲溢出，可能远程执行任意代码。 触发方式:配置.php到php.exe的CGI映射，请求GET /test.php/aa HTTP/1.1 错误发生在php-5.2.3\sapi\cgi\cgi-man.c line 886: int pathtranslatedlen = ptlen + envpathinfo ? strlenenvpathinfo : 0; 程序应该是 int pathtranslatedlen = ptlen + envpathinfo ? strlenenvpathin...