Bugtraq mailing list archives

Re: @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator


From: Dullien () gmx de
Date: Fri, 28 Mar 2003 00:57:41 +0100 (MET)

Hey Mr. Mordred, all,

In PHP emalloc() function implements the error safe wrapper around
malloc().
Unfortunately this function suffers from an integer overflow and
considering the fact that emalloc() is used in many places around PHP
source code, it may lead to many serious security issues.

IIRC this bug was mentioned in a talk at last summer's Black Hat conference.

http://www.blackhat.com/html/bh-usa-02/bh-usa-02-speakers.html#Dowd

Cheers,
dullien () gmx de
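
The bug class named in the quoted advisory text, an integer overflow in a wrapper around malloc(), shown as an added example. This is not PHP's emalloc() source and not code from the post; block_hdr, ALIGN, total_unchecked(), total_checked(), safe_alloc() and safe_free() are hypothetical names, and the header-plus-padding layout is an assumption chosen to show the unchecked size arithmetic next to the checked form.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical bookkeeping header stored in front of every block. */
typedef struct block_hdr {
    size_t size;             /* size the caller asked for */
    struct block_hdr *next;  /* bookkeeping link, unused in this sketch */
} block_hdr;

#define ALIGN 8u
#define ROUND_UP(n) (((n) + (ALIGN - 1)) & ~(size_t)(ALIGN - 1))

/* Unchecked: header + padded request. size_t arithmetic wraps silently,
 * so a huge request yields a tiny total and malloc() succeeds with a
 * block far smaller than the caller believes it owns. */
size_t total_unchecked(size_t request)
{
    return sizeof(block_hdr) + ROUND_UP(request);
}

/* Checked: test each addition against SIZE_MAX before performing it.
 * Returns 1 and stores the total, or 0 if the sum would wrap. */
int total_checked(size_t request, size_t *total)
{
    size_t padded;
    if (request > SIZE_MAX - (ALIGN - 1))
        return 0;                       /* rounding up would wrap */
    padded = ROUND_UP(request);
    if (padded > SIZE_MAX - sizeof(block_hdr))
        return 0;                       /* adding the header would wrap */
    *total = sizeof(block_hdr) + padded;
    return 1;
}

/* Wrapper that refuses a request instead of under-allocating. */
void *safe_alloc(size_t request)
{
    size_t total;
    block_hdr *h;
    if (!total_checked(request, &total))
        return NULL;
    h = malloc(total);
    if (h == NULL)
        return NULL;
    h->size = request;
    h->next = NULL;
    return h + 1;                       /* user data follows the header */
}

void safe_free(void *p) { if (p) free((block_hdr *)p - 1); }
```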


