
PHP < 5.3.26 / 5.4.x < 5.4.16 Heap Based Buffer Overflow

Medium

Synopsis

The remote web server uses a version of PHP that is affected by a heap-based buffer overflow vulnerability.

Description

PHP versions earlier than 5.3.26, and 5.4.x versions earlier than 5.4.16, are affected by a heap-based buffer overflow vulnerability due to a lack of user input sanitization when parsing strings. (An additional security vulnerability exists while parsing 'mimetype' for MP3 files, which can be exploited to cause a crash in version 5.4.15.)

Solution

Upgrade to PHP version 5.4.16 or 5.3.26, or later.
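
The version ranges above are per branch, so a plain "less than 5.4.16" comparison would wrongly flag 5.3.26 and later 5.3.x releases. The following Python check is an added example, not the scanner's own plugin logic; the function names and sample banners are constructed for illustration, and it assumes the version is read from a banner such as `X-Powered-By` or `php -v`. Distribution packages that backport fixes without changing the upstream version number will still be flagged and need manual confirmation.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {(5, 3): (5, 3, 26), (5, 4): (5, 4, 16)}

# Prefer a version that follows a "PHP" token, so that a Server header such as
# "Apache/2.2.22 (Ubuntu) PHP/5.4.15" is not misread as version 2.2.22.
_TAGGED_RE = re.compile(r"PHP[/ ](\d+)\.(\d+)\.(\d+)", re.IGNORECASE)
# Fallback: a bare version string such as "5.3.25" or "5.3.25-1ubuntu3".
_BARE_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_php_version(banner):
    """Return (major, minor, patch) from a banner string, or None."""
    m = _TAGGED_RE.search(banner) or _BARE_RE.match(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(banner):
    """True/False per the advisory's ranges; None if no PHP version is found."""
    version = parse_php_version(banner)
    if version is None:
        return None  # banner suppressed (e.g. expose_php=Off) or unparseable
    branch = version[:2]
    if branch in FIXED:
        return version < FIXED[branch]
    # Branches older than 5.3 fall under "< 5.3.26"; branches newer than 5.4
    # are later than both fixed releases.
    return branch < (5, 3)


if __name__ == "__main__":
    # Constructed sample banners, not taken from any real host.
    samples = [
        "X-Powered-By: PHP/5.3.25-1ubuntu3",
        "Apache/2.2.22 (Ubuntu) PHP/5.4.16",
        "PHP 5.2.17 (cli)",
        "5.3.27",
        "Apache/2.2.22",
    ]
    for banner in samples:
        print(f"{banner!r}: affected={is_affected(banner)}")
```

A result of `None` means the version could not be determined from the banner, not that the host is unaffected.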