PT-2008-6618 · Php+2
Published 2008-12-23 · Updated 2018-10-11 · CVE-2008-5557
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
PHP versions 4.3.0 through 5.2.6
Description
A heap-based buffer overflow issue exists in the mbstring extension, specifically in the ext/mbstring/libmbfl/filters/mbfilter_htmlent.c file. This issue allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion. The issue is related to several functions, including mb_convert_encoding, mb_check_encoding, mb_convert_variables, and mb_parse_str.
Recommendations
For PHP versions 4.3.0 through 5.2.6, update to a version that contains a fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Hp-Ux
Php
Red Hat