Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Php | Php | 4.0 (including) | 4.0 (including) |
| Php | Php | 4.0.1 (including) | 4.0.1 (including) |
| Php | Php | 4.0.2 (including) | 4.0.2 (including) |
| Php | Php | 4.0.3 (including) | 4.0.3 (including) |
| Php | Php | 4.0.4 (including) | 4.0.4 (including) |
| Php | Php | 4.0.5 (including) | 4.0.5 (including) |
| Php | Php | 4.0.6 (including) | 4.0.6 (including) |
| Php | Php | 4.0.7 (including) | 4.0.7 (including) |
| Php | Php | 4.1.0 (including) | 4.1.0 (including) |
| Php | Php | 4.1.1 (including) | 4.1.1 (including) |
| Php | Php | 4.1.2 (including) | 4.1.2 (including) |
| Php | Php | 4.2.0 (including) | 4.2.0 (including) |
| Php | Php | 4.2.1 (including) | 4.2.1 (including) |
| Php | Php | 4.2.2 (including) | 4.2.2 (including) |
| Php | Php | 4.2.3 (including) | 4.2.3 (including) |
| Php | Php | 4.3.0 (including) | 4.3.0 (including) |
| Php | Php | 4.3.1 (including) | 4.3.1 (including) |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000691
- http://marc.info/?l=bugtraq\u0026m=104869828526885\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=104878100719467\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=104931415307111\u0026w=2
- http://www.securityfocus.com/bid/7197
- http://www.securityfocus.com/bid/7198
- http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000691
- http://marc.info/?l=bugtraq\u0026m=104869828526885\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=104878100719467\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=104931415307111\u0026w=2
- http://www.securityfocus.com/bid/7197
- http://www.securityfocus.com/bid/7198