6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.034 Low
EPSS
Percentile
91.3%
Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP
5.6 through 5.2.6 allows context-dependent attackers to cause a denial of
service (crash) and possibly execute arbitrary code via the delimiter
argument to the explode function. NOTE: the scope of this issue is limited
since most applications would not use an attacker-controlled delimiter, but
local attacks against safe_mode are feasible.
Author | Note |
---|---|
jdstrand | per Debian, php5 -d memory_limit=256M -r \ ‘$res = explode(str_repeat(“A”,145999999),1);’ (From upstream’s ext/standard/tests/strings/explode_bug.phpt) |