Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 up to and including 5.3.2 allows context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php 5.3.0 |
||
php php 5.3.1 |
||
php php 5.3.2 |