PT-2008-4268 · Php+1

Published: 2008-06-23 · Updated: 2019-10-09 · CVE-2008-2829

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: PHP versions 4.x through 5.2.6

Description: The issue allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request. This request triggers an "rfc822.c legacy routine buffer overflow" error message, related to the `rfc822_write_address` function.

Recommendations: For PHP versions 4.x through 5.2.6, consider updating to a version that does not use obsolete API calls to mitigate the risk of a denial of service or arbitrary code execution. As a temporary workaround, consider restricting the length of IMAP requests to prevent the buffer overflow error.

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2008-2829
DTSA-144-1
HPSBUX02431
HPSBUX02465

Affected Products

Hp-Ux
Php