PT-2003-1149 · Php · Php

Published 2003-01-17 · Updated 2018-05-03 · CVE-2002-1396

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP versions 4.1.3 through 4.2.3 (the range is specified as after 4.1.2 and before 4.3.0). PHP version 4.3.0 is not affected.

Description

A heap-based buffer overflow in the wordwrap() function in PHP may allow attackers to cause a denial of service or execute arbitrary code. By sending a specially crafted request to an affected Web server, a remote attacker could overflow a buffer and execute arbitrary code on the server or cause the Web server to crash.

Recommendations

For PHP versions 4.1.3 through 4.2.3, update to a version after 4.2.3 to resolve the issue. As a temporary workaround, consider disabling the wordwrap() function until a patch is available.

Related identifiers

CVE-2002-1396

Affected products

Php