Описание
Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument.
Отчет
Red Hat does not consider this flaw to be a security issue. It is improbable that a script would accept untrusted user input or unvalidated script input data to the strval() function. Input passed to the functions is therefore under the full control of the script author and no trust boundary is crossed. As well, an administrator would have to excessively increase the precision settings in order to trigger this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | php | Not affected | ||
| Red Hat Enterprise Linux 5 | php | Not affected | ||
| Red Hat Enterprise Linux 5 | php53 | Not affected | ||
| Red Hat Enterprise Linux 6 | php | Not affected |
Показывать по
Дополнительная информация
2.1 Low
CVSS2
Связанные уязвимости
Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument.
Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument.
Buffer overflow in the strval function in PHP before 5.3.6, when the p ...
Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument.
Уязвимость функции strval интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании
2.1 Low
CVSS2