PHP 5 Substr_Compare Integer Overflow Vulnerability

The PHP 5 'substr_compare()' function is prone to an integer-overflow vulnerability because it fails to ensure that integer values do not overflow.

A local attacker can exploit this vulnerability to obtain sensitive information (such as stack offsets, variables, and canaries) that may aid in other attacks.

PHP 5.2.1 and earlier versions are reported vulnerable to this issue.
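
The following is an added illustration, not code from this advisory or from PHP's source. It assumes the overflow arises in an offset-plus-length bounds check (the advisory does not show the affected code) and sets that weak pattern beside an overflow-safe one; all function names and the sample string are hypothetical.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Weak pattern (assumed, not PHP's code): offset + len is summed before the
   comparison. The sum is done in unsigned arithmetic and converted back so the
   wraparound is reproducible; plain signed overflow is undefined behaviour. */
static int weak_range_ok(int offset, int len, int s_len)
{
    int end = (int)((unsigned int)offset + (unsigned int)len);
    return !(end > s_len);            /* a wrapped, negative end passes */
}

/* Hardened pattern: no addition; each operand is checked against what is left. */
static int safe_range_ok(int offset, int len, int s_len)
{
    if (s_len < 0 || offset < 0 || len < 0) return 0;
    if (offset > s_len) return 0;
    return len <= s_len - offset;     /* s_len - offset cannot overflow here */
}

/* Compare s1[offset, offset+len) with at most len bytes of s2.
   Returns 0 and sets *result on success, -1 if the range is rejected. */
static int bounded_compare(const char *s1, int s1_len, const char *s2, int s2_len,
                           int offset, int len, int *result)
{
    if (s2_len < 0 || !safe_range_ok(offset, len, s1_len)) return -1;
    int n2 = len < s2_len ? len : s2_len;
    int r = memcmp(s1 + offset, s2, (size_t)n2);
    *result = r != 0 ? r : len - n2;  /* a shorter s2 sorts first */
    return 0;
}

int main(void)
{
    const char buf[] = "Hello world"; /* constructed sample input */
    int s_len = (int)strlen(buf), r = 0;

    /* A length near INT_MAX wraps the sum, so the weak check accepts it. */
    printf("weak accepts oversized len: %d\n", weak_range_ok(5, INT_MAX, s_len));
    printf("safe accepts oversized len: %d\n", safe_range_ok(5, INT_MAX, s_len));

    if (bounded_compare(buf, s_len, "world", 5, 6, 5, &r) == 0)
        printf("in-range compare result: %d\n", r);
    if (bounded_compare(buf, s_len, "world", 5, 5, INT_MAX, &r) != 0)
        printf("oversized range rejected before any read\n");
    return 0;
}
```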


 

Copyright 2010, SecurityFocus