|
|
BugTraq
@(#)Mordred Labs advisory - Integer overflow in PHP memory allocator Mar 26 2003 12:38PM Sir Mordred (mordred s-mail com) (2 replies) RE: FUD-ALARM: @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator Mar 27 2003 10:03AM Stefan Esser (s esser e-matters de) |
|
Privacy Statement |
> In PHP emalloc() function implements the error safe wrapper around
> malloc().
> Unfortunately this function suffers from an integer overflow and
> considering the fact that emalloc() is used in many places around PHP
> source code, it may lead to many serious security issues.
IIRC this bug was mentioned in a talk at last summers Black Hat conference.
http://www.blackhat.com/html/bh-usa-02/bh-usa-02-speakers.html#Dowd
Cheers,
dullien (at) gmx (dot) de [email concealed]
--
+++ GMX - Mail, Messaging & more http://www.gmx.net +++
Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage!
[ reply ]