N/A

The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. NOTE: vectors 2 through 4 are related to the call time pass by reference feature.

N/A

N/A

PHP多个缓冲区溢出漏洞

PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP的(1) parse_str，(2)preg_match，(3) unpack，和(4)pack函数；(5)ZEND_FETCH_RW，(6)ZEND_CONCAT，和(7)ZEND_ASSIGN_CONCAT操作码；以及(8)ArrayObject::uasort方法存在漏洞，攻击者可引发内部函数或处理程序的用户空间被破坏，从而获取敏感信息(内存内容)，或触发内存破坏。

N/A

N/A