Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 prior to 4.4.5 and PHP 5 prior to 5.2.1 allows context-dependent malicious users to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php |
||
canonical ubuntu linux 7.04 |
||
canonical ubuntu linux 6.10 |
||
canonical ubuntu linux 6.06 |
||
debian debian linux 4.0 |