PT-2008-6618 · Php+2
Published: 2008-12-23 · Updated: 2018-10-11 · CVE-2008-5557
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
PHP versions 4.3.0 through 5.2.6
Description
A heap-based buffer overflow exists in the mbstring extension, specifically in the file ext/mbstring/libmbfl/filters/mbfilter_htmlent.c. It allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion. The issue is related to several functions, including mb_convert_encoding, mb_check_encoding, mb_convert_variables, and mb_parse_str.
Recommendations
For PHP versions 4.3.0 through 5.2.6, update to a version that contains a fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Hp-Ux
Php
Red Hat