thr3ads.net - Secure testing team - [Secure-testing-team] Bug#511493: CVE-2008-5557: buffer overflow [Jan 2009]

If this information is useful, please help other people find it:
Share via:

Steffen Joeris

2009-Jan-11 15:30 UTC

[Secure-testing-team] Bug#511493: CVE-2008-5557: buffer overflow

Package: php5
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for php5.

CVE-2008-5557[0]:
| Heap-based buffer overflow in
| ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring
| extension in PHP 4.3.0 through 5.2.6 allows context-dependent
| attackers to execute arbitrary code via a crafted string containing an
| HTML entity, which is not properly handled during Unicode conversion,
| related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3)
| mb_convert_variables, and (4) mb_parse_str functions.

There are some more information available in the php bugreport[1],
including the PoC which seems to work.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5557
    http://security-tracker.debian.net/tracker/CVE-2008-5557
[1] http://bugs.php.net/bug.php?id=45722

Secure testing team - Jan 2009 - Bug#511493: CVE-2008-5557: buffer overflow

[Secure-testing-team] Bug#511493: CVE-2008-5557: buffer overflow