Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP Mysqlnd扩展'mysqlnd_wireprotocol.c'信息泄露漏洞
Vulnerability Description
PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP 5.3至5.3.2版本中的Mysqlnd扩展中的mysqlnd_wireprotocol.c存在漏洞。远程攻击者可以(1)借助修改长度值读取敏感内存,此漏洞不能由php_mysqlnd_ok_read函数正确处理,(2)借助修改长度值触发基于堆的缓冲区溢出,此漏洞不能由php_mysqlnd_rset_header_read函数正确处理。
CVSS Information
N/A
Vulnerability Type
N/A