Описание
Integer overflow in the firebird and dblib quoters causing OOB writes
Impact
The following code: https://github.com/php/php-src/blob/5070fbf1613015e351bc4629ac7997b26359320b/ext/pdo_firebird/firebird_driver.c#L805-L808
and the following code: https://github.com/php/php-src/blob/c34b37fe0b5c099fcf506c5400552d6bbb95cd79/ext/pdo_dblib/dblib_driver.c#L164-L174
Can cause integer overflow, or can become a value over ZSTR_MAX_LEN causing an overflow, which eventually turns into an OOB write. This is triggerable on 32-bit especially.
Пакеты
< 8.1.31
8.1.31
< 8.2.26
8.2.26
< 8.3.14
8.3.14
EPSS
CVE ID
Связанные уязвимости
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...
EPSS