PHP 5.4.x < 5.4.17 Buffer Overflow

high Log Correlation Engine Plugin ID 801405

Synopsis

The remote web server uses a version of PHP that is affected by a buffer overflow vulnerability

Description

PHP versions 5.4.x earlier than 5.4.17 are affected by the buffer overflow error that exists in the function '_pdo_pgsql_error' in the file 'ext/pdo_pgsql/pgsql_driver.c'

Solution

Upgrade to PHP version 5.4.17 or later.

See Also

http://bugs.php.net/64949

http://www.php.net/ChangeLog-5.php#5.4.17

Plugin Details

Severity: High

ID: 801405

Family: Web Servers

Published: 7/16/2013

Updated: 7/16/2013

Nessus ID: 67260

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 7/4/2013

Vulnerability Publication Date: 7/4/2013