[php-maint] Bug#511493: CVE-2008-5557: buffer overflow

Steffen Joeris steffen.joeris at skolelinux.de
Sun Jan 11 15:30:20 UTC 2009

Package: php5
Severity: grave
Tags: security, patch
Justification: user security hole

The following CVE (Common Vulnerabilities & Exposures) id was
published for php5.

| Heap-based buffer overflow in
| ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring
| extension in PHP 4.3.0 through 5.2.6 allows context-dependent
| attackers to execute arbitrary code via a crafted string containing an
| HTML entity, which is not properly handled during Unicode conversion,
| related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3)
| mb_convert_variables, and (4) mb_parse_str functions.

There is some more information available in the PHP bug report [1],
including the PoC, which seems to work.

If you fix the vulnerability, please also make sure to include the
CVE id in your changelog entry.


For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5557
[1] http://bugs.php.net/bug.php?id=45722
