MOPB-41-2007:PHP 5 sqlite_udf_decode_binary() Buffer Overflow Vulnerability

Summary When sqliteudfdecodebinary is called with a string only containing a single 0x01 char this will result in a call to the sqlitedecodebinary function with an empty string as parameter. This leads to an exploitable buffer overflow. Affected versions Affected are PHP 4 4.4.5 and PHP 5 5.2.1...

Buffer overflow

Buffer overflow in the sqlitedecodebinary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqliteudfdecodebinary function with a...

CVE-2007-1888

Buffer overflow in the sqlitedecodebinary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite...

CVE-2007-1888

CVE-2007-1888 is a buffer overflow in the SQLite 2 implementation (sqlite_decode_binary in src/encode.c) used by PHP 4.x–5.x and other apps. The issue allows context-dependent attackers to execute arbitrary code via an empty value for the in parameter. The description notes that some PHP installa...

CVE-2007-1888

Removed by vendor...