Users login

Create an account »


Users login

Home » Hacking News » Buffer overflow in PHP

Buffer overflow in PHP

by Nikola Strahija on December 28th, 2002

Please see for details.

If you use the wordwrap() function on user-supplied input, a
specially-crafted input can overflow the allocated buffer and
overwrite the heap. Exploit looks very difficult, but still
theoretically possible.


Bug cause discovered: 10 Dec 2002
PHP team notified: 10 Dec 2002
Bug fixed in CVS: 12 Dec 2002
PHP 4.3.0 released: 27 Dec 2002

Kudos to the PHP team for their extremely rapid reaction.


Don't upgrade from 4.1.2 if you are certain there are no security problems
with your 4.1.2 setup and you may be vulnerable to the wordwrap() bug.

Otherwise, upgrade to 4.3.0

- --
David F. Skoll

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »