The dechunk filter in PHP 5.3 up to and including 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent malicious users to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php |
||
opensuse opensuse 11.1 |
||
opensuse opensuse 11.2 |
||
opensuse opensuse 11.3 |
||
suse linux enterprise 11.0 |
||
suse linux enterprise 10.0 |