Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2006-4812

Publish Date: 05 Oct 2006

                							

                source: http://www.securityfocus.com/bid/20349/info

PHP is prone to an integer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data.

An attacker can exploit this vulnerability to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

&lt;?

 print_r(unserialize('a:1073741823:{i:0;s:30:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"}'));
?&gt;

in function zend_hash_init() int overflow ( ecalloc() )-&gt; heap overflow
here segfault in zend_hash_find() but it's possible to fake the bucket and
exploit a zend_hash_del_index_or_key
i tried a memory dump , just fake the bucked with the pointer of the
$GLOBALS's bucket but segfault before in memory_shutdown...

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

PHP 3 < 5 - ZendEngine ECalloc Integer Overflow

Vulmon Search

About

Products

Connect