sapi/fpm/fpm/fpm_log.c in PHP prior to 5.5.31, 5.6.x prior to 5.6.17, and 7.x prior to 7.0.2 misinterprets the semantics of the snprintf return value, which allows malicious users to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php 5.6.2 |
||
php php 5.6.1 |
||
php php 5.6.0 |
||
php php 5.6.14 |
||
php php 5.6.15 |
||
php php 5.6.16 |
||
php php 5.6.9 |
||
php php |
||
php php 5.6.3 |
||
php php 5.6.4 |
||
php php 5.6.12 |
||
php php 5.6.13 |
||
php php 5.6.7 |
||
php php 5.6.8 |
||
php php 7.0.0 |
||
php php 7.0.1 |
||
php php 5.6.10 |
||
php php 5.6.11 |
||
php php 5.6.5 |
||
php php 5.6.6 |