FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-1384

This CVE name corresponds to:

Entered: 2008-04-25
Topic: php -- integer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2008-1384
Phase: Assigned (20080318)

Description

Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions).
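The bug class the description refers to, as an added illustration that is a constructed model and not PHP's formatted_print.c: an appender that right-aligns a field to a caller-supplied minimum width. `naive_needs_grow` reproduces the failure mode, adding the current offset and the width as 32-bit ints so that a huge width wraps negative and the capacity check reports that the field fits, after which the padding memset would run far past the allocation. `safe_required_size` and `sb_append_padded` are the hardened form: the width is bounded by an assumed policy limit (`MAX_FIELD_WIDTH`) and the addition is checked for overflow before any buffer is touched. All names and the limit are assumptions made for this example.

```c
/* Constructed model of the *printf width-handling bug class: an appender that
 * pads a field to min_width, first with the naive int arithmetic that wraps,
 * then with overflow-safe checks. Not PHP's code. */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Upper bound on a single padded field; an assumed policy limit for this
 * example, not a value taken from PHP. */
#define MAX_FIELD_WIDTH (1u << 20)

typedef struct {
    char *buf;
    size_t size;  /* allocated bytes */
    size_t pos;   /* bytes used, excluding the terminating NUL */
} strbuf;

/* Naive capacity check reproducing the bug class: offset and width are summed
 * as 32-bit ints, so a huge width wraps negative and the check says "fits"
 * even though the later memset/memcpy would write gigabytes past the buffer.
 * Returns 1 if the buffer must grow, 0 if the (wrong) arithmetic says it fits.
 * The sum is done in unsigned and converted back to int so the wrap is
 * deterministic on two's-complement targets rather than undefined behaviour. */
int naive_needs_grow(int pos, int min_width, int copy_len, int size)
{
    int field = min_width > copy_len ? min_width : copy_len;
    int needed = (int)((unsigned)pos + (unsigned)field + 1u);
    return needed > size;
}

/* Overflow-safe variant: rejects out-of-policy widths and checks the addition
 * before it can wrap. Returns 0 and sets *needed on success, -1 otherwise. */
int safe_required_size(size_t pos, long min_width, size_t copy_len, size_t *needed)
{
    if (min_width < 0 || (unsigned long)min_width > MAX_FIELD_WIDTH)
        return -1;
    size_t field = (size_t)min_width > copy_len ? (size_t)min_width : copy_len;
    /* pos + field + 1 must not exceed SIZE_MAX */
    if (field > SIZE_MAX - 1 || pos > SIZE_MAX - 1 - field)
        return -1;
    *needed = pos + field + 1;
    return 0;
}

/* Append copy_len bytes of src right-aligned in a field of min_width, growing
 * the buffer when required. Returns 0 on success, -1 if the width is rejected
 * or allocation fails; on failure the buffer is left unchanged. */
int sb_append_padded(strbuf *sb, const char *src, size_t copy_len, long min_width)
{
    size_t needed;
    if (safe_required_size(sb->pos, min_width, copy_len, &needed) != 0)
        return -1;
    if (needed > sb->size) {
        char *nb = realloc(sb->buf, needed);
        if (!nb)
            return -1;
        sb->buf = nb;
        sb->size = needed;
    }
    size_t npad = (size_t)min_width > copy_len ? (size_t)min_width - copy_len : 0;
    memset(sb->buf + sb->pos, ' ', npad);
    memcpy(sb->buf + sb->pos + npad, src, copy_len);
    sb->pos += npad + copy_len;
    sb->buf[sb->pos] = '\0';
    return 0;
}

int main(void)
{
    strbuf sb = { calloc(1, 64), 64, 0 };
    if (!sb.buf)
        return 1;
    /* The naive check lets a width of INT_MAX through as if it fit in 64 bytes. */
    printf("naive check, width INT_MAX: grow=%d (should be 1)\n",
           naive_needs_grow(10, INT_MAX, 3, 64));
    if (sb_append_padded(&sb, "abc", 3, 8) == 0)
        printf("padded field: [%s]\n", sb.buf);
    printf("huge width rejected: %d\n", sb_append_padded(&sb, "abc", 3, INT_MAX));
    free(sb.buf);
    return 0;
}
```

The "context-dependent attackers" wording in the description means the issue is only reachable when an application lets untrusted input reach a format string or a width argument of a *printf-family call; the usual hardening, independent of the PHP upgrade, is to never pass user data as the format and to validate any user-supplied width before it reaches the formatter. The NEWS entry linked under CONFIRM is where to check which release carries the upstream fix; the description itself only states that 5.2.5 and earlier are affected.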

References

Source Reference
SREASONRES 20080320 PHP 5.2.5 and prior : *printf() functions Integer Overflow
BUGTRAQ 20080321 {securityreason.com}PHP 5 *printf() - Integer Overflow
BUGTRAQ 20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl
BUGTRAQ 20080527 rPSA-2008-0178-1 php php-mysql php-pgsql
CONFIRM http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1120&view=markup
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176
CONFIRM https://issues.rpath.com/browse/RPL-2503
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178
DEBIAN DSA-1572
GENTOO GLSA-200811-05
MANDRIVA MDVSA-2009:022
MANDRIVA MDVSA-2009:023
SUSE SUSE-SR:2008:014
UBUNTU USN-628-1
BID 28392
SECUNIA 30345
SECUNIA 30411
SECUNIA 30967
SECUNIA 31200
SECUNIA 30158
SECUNIA 32746
XF php-phpsprintfappendstring-overflow(41386)