The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 up to and including 5.3.2 does not properly calculate a buffer length, which allows context-dependent malicious users to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php 5.3.0 |
||
php php 5.3.1 |
||
php php 5.3.2 |