Bugtraq mailing list archives
Re: @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator
From: Dullien () gmx de
Date: Fri, 28 Mar 2003 00:57:41 +0100 (MET)
Hey Mr. Mordred, all,
In PHP emalloc() function implements the error safe wrapper around malloc(). Unfortunately this function suffers from an integer overflow and considering the fact that emalloc() is used in many places around PHP source code, it may lead to many serious security issues.
IIRC this bug was mentioned in a talk at last summer's Black Hat conference.
http://www.blackhat.com/html/bh-usa-02/bh-usa-02-speakers.html#Dowd
Cheers,
dullien () gmx de