[php-maint] Bug#359906: Security: Binary safety issue in html_entity_decode() may leak memory

Moritz Naumann info at moritz-naumann.com
Wed Mar 29 13:30:22 UTC 2006

Package: php4
Version: 4:4.4.2-1
Severity: grave
Tags: security
Justification: user security hole

A security issue in PHP has been reported which may allow for disclosing
partial working memory contents on some PHP applications.

Quoting Stefan Esser:
> The bug is a binary safety issue in html_entity_decode. A function
> that is not usually used on user input, because user input is usually
> not expected in HTML format and then decoded. Even if the function is
> used on user input it can only leak memory to a potential attacker if
> the decoded user input is sent back to the client.
> The bug was found in late February by one of the Japanese PHP
> developers and was fixed in CVS one day later. Because the bug is a
> local memory leak it was not considered top critical and is among the
> usual bugfixes. PHP 5.1.3-RC1 which was released in the beginning of
> March already fixes this issue.

(follow the thread)
(search the page for 'Critical PHP bug' to find additional threads)
[3] http://bugs.gentoo.org/127939

- Developer advisory: "One of the Japanese PHP developers" (according to
S. Esser)
- Public disclosure: Tõnu Samuel (tonu at jes.ee)

-- System Information:
Debian Release: testing/unstable
