PHP 5.4.x < 5.4.35 / 5.5.x < 5.5.19 / 5.6.x < 5.6.3 Out-of-Bounds Read
Medium Nessus Network Monitor Plugin ID 8908
SynopsisThe remote web server uses a version of PHP that is affected by an out-of-bounds read condition.
DescriptionPHP versions 5.4.x prior to 5.4.35, 5.5.x prior to 5.5.19, and 5.6.x prior to 5.6.3 are affected by an out-of-bounds read flaw. Specifically, the Fine Free File library contains an out-of-bounds read flaw in the 'donote()' function in 'readelf.c' that is triggered when handling ELF file note headers (Bug 68283). This may allow a remote attacker to crash an application linked against the library, denying service to legitimate users.
SolutionApply the vendor's patch, or upgrade to the latest version. These issues have been fixed in versions 5.4.35, 5.5.19, 5.6.3 and later.