oss-sec mailing list archives
CVE Request: PHP PECL module APC vulnerable to stack-based buffer overflow
From: Micah Anderson <micah () riseup net>
Date: Sat, 22 Mar 2008 18:58:41 -0400
As this ticket demonstrates, the popular PHP PECL extension APC (Alternative PHP Cache: http://pecl.php.net/package/APC), which is slated for inclusion in PHP core in PHP6, is vulnerable to a stack-based buffer overflow attack due to no bounds checking, which can lead to a privilege escalation. http://pecl.php.net/bugs/bug.php?id=13415 The vulnerable code appeared in the APC CVS on June 30th, so APC 3.0.11 and newer are vulnerable. Thanks, Micah
Current thread:
- CVE Request: PHP PECL module APC vulnerable to stack-based buffer overflow Micah Anderson (Mar 22)
- Re: CVE Request: PHP PECL module APC vulnerable to stack-based buffer overflow Steven M. Christey (Mar 24)