CVE-2011-1092

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.3.6

Description The issue is related to errors in number handling in the ext/shmop/shmop.c component of the PHP programming language interpreter. Exploitation of this issue may allow a remote attacker to cause a denial of service or disclose protected information. Specifically, an integer overflow in the ext/shmop/shmop.c component allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop read function.

Recommendations For PHP versions prior to 5.3.6, update to version 5.3.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the shmop read function with large third arguments to minimize the risk of exploitation.