PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
BID:53455
Info
| Bugtraq ID: | 53455 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2012-2329 |
| Remote: | Yes |
| Local: | No |
| Published: | May 08 2012 12:00AM |
| Updated: | Nov 14 2014 12:01AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | PHP PHP 5.4.2, PHP PHP 5.4.1, PHP PHP 5.4.1RC1-DEV, PHP PHP 5.4.0beta2, HP System Management Homepage 7.0 |
| Not Vulnerable: | PHP PHP 5.4.3 |
Discussion
PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.
An attacker can exploit this issue to execute arbitrary machine code in the context of the PHP process. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.
Exploit / POC
The following exploit is available:
Solution / Fix
Solution:
Updates are available. Please see the references for more details.
References
References:
- PHP 5.4.3 and PHP 5.3.13 Released! (PHP)
- PHP Homepage (PHP Group)