CVE-2008-3659

Name of the Vulnerable Software and Affected Versions PHP versions 4.4.x through 4.4.8 PHP versions 5.6 through 5.2.6

Description A buffer overflow issue in the memnstr function allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the delimiter argument to the explode function. The scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe mode are feasible.

Recommendations For PHP versions 4.4.x through 4.4.8, update to version 4.4.9 or later to resolve the issue. For PHP versions 5.6 through 5.2.6, update to a version later than 5.2.6 to resolve the issue. As a temporary workaround, consider restricting the use of the explode function with user-controlled delimiters to minimize the risk of exploitation.