FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-5557

This CVE name corresponds to:

Entered: 2009-03-16
Topic: php-mbstring -- php mbstring buffer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2008-5557
Phase: Assigned (20081215)

Description

Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.
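The description places the overflow in the HTML-entity decoding filter that the listed mbstring functions reach when converting from HTML-ENTITIES; the fix shipped in PHP 5.2.7 (see the ChangeLog reference below). The following is an added illustration of the safe shape for that kind of code path, written for this page; it is not libmbfl's mbfilter_htmlent.c and does not reproduce PHP's actual defect. A decoder of this kind holds the bytes of a pending entity in a fixed-size accumulator, so the two things a reviewer checks are that nothing is appended once the accumulator is full and that an over-long or unterminated entity is handed through as literal text rather than written past the end. The names (ENT_MAX, feed, html_entity_decode, decodes_to), the six-entry entity table and the sample input are all assumptions constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ENT_MAX 16  /* longest pending entity held, '&' included; "&#x10FFFF" is 9 bytes */

/* Illustrative named-entity table (a real decoder carries a few hundred entries). */
static const struct { const char *name; unsigned long cp; } named_ents[] = {
    {"amp", 0x26}, {"lt", 0x3C}, {"gt", 0x3E}, {"quot", 0x22}, {"nbsp", 0xA0}, {"euro", 0x20AC},
};

struct decoder {
    unsigned char ent[ENT_MAX]; /* pending entity bytes, ent[0] == '&' */
    size_t elen;                /* 0 when no entity is pending */
    unsigned char *out;
    size_t olen, ocap;
    int overflow;               /* set instead of ever writing past out[ocap] */
};

static void put_byte(struct decoder *d, unsigned char b) {
    if (d->olen < d->ocap) d->out[d->olen++] = b; else d->overflow = 1;
}

/* Emit a Unicode scalar value as UTF-8. */
static void put_utf8(struct decoder *d, unsigned long cp) {
    if (cp < 0x80) { put_byte(d, (unsigned char)cp); return; }
    if (cp < 0x800) { put_byte(d, (unsigned char)(0xC0 | (cp >> 6))); }
    else if (cp < 0x10000) { put_byte(d, (unsigned char)(0xE0 | (cp >> 12)));
                             put_byte(d, (unsigned char)(0x80 | ((cp >> 6) & 0x3F))); }
    else { put_byte(d, (unsigned char)(0xF0 | (cp >> 18)));
           put_byte(d, (unsigned char)(0x80 | ((cp >> 12) & 0x3F)));
           put_byte(d, (unsigned char)(0x80 | ((cp >> 6) & 0x3F))); }
    put_byte(d, (unsigned char)(0x80 | (cp & 0x3F)));
}

/* Pass the pending bytes through unchanged: an unknown or unterminated entity is data, not an error. */
static void flush_literal(struct decoder *d) {
    for (size_t i = 0; i < d->elen; i++) put_byte(d, d->ent[i]);
    d->elen = 0;
}

/* Decode ent[1..elen) as "#ddd", "#xhhh" or a known name; returns 1 with *cp set on success. */
static int lookup(const struct decoder *d, unsigned long *cp) {
    const unsigned char *p = d->ent + 1, *end = d->ent + d->elen;
    if (p == end) return 0;
    if (*p == '#') {
        int hex = (p + 1 < end && (p[1] == 'x' || p[1] == 'X'));
        unsigned long v = 0;
        p += hex ? 2 : 1;
        if (p == end) return 0;                           /* "&#;" and "&#x;" carry no digits */
        for (; p < end; p++) {
            int dv = isdigit(*p) ? *p - '0' : (hex && isxdigit(*p)) ? tolower(*p) - 'a' + 10 : -1;
            if (dv < 0) return 0;
            v = v * (hex ? 16 : 10) + (unsigned long)dv;
            if (v > 0x10FFFF) return 0;                   /* reject early so v can never wrap */
        }
        if (v >= 0xD800 && v <= 0xDFFF) return 0;         /* surrogates are not scalar values */
        *cp = v;
        return 1;
    }
    for (size_t i = 0; i < sizeof named_ents / sizeof named_ents[0]; i++) {
        size_t n = strlen(named_ents[i].name);
        if (n == d->elen - 1 && memcmp(named_ents[i].name, d->ent + 1, n) == 0) {
            *cp = named_ents[i].cp;
            return 1;
        }
    }
    return 0;
}

static void feed(struct decoder *d, unsigned char c) {
    if (d->elen == 0) {
        if (c == '&') d->ent[d->elen++] = '&'; else put_byte(d, c);
        return;
    }
    if (c == ';') {
        unsigned long cp;
        if (d->elen > 1 && lookup(d, &cp)) { put_utf8(d, cp); d->elen = 0; }
        else { flush_literal(d); put_byte(d, ';'); }
        return;
    }
    /* Only entity-shaped bytes extend the pending entity, and only while room remains;
       anything else, including a full accumulator, ends it as literal text. */
    if ((isalnum(c) || c == '#') && d->elen < ENT_MAX) { d->ent[d->elen++] = c; return; }
    flush_literal(d);
    feed(d, c);  /* re-examine c with nothing pending (a fresh '&' may start a new entity) */
}

/* Decode n bytes of in into out (capacity ocap). Returns bytes written, or -1 if out is too small.
   Output never exceeds the input length, so ocap >= n always suffices. */
long html_entity_decode(const unsigned char *in, size_t n, unsigned char *out, size_t ocap) {
    struct decoder d = {0};
    d.out = out; d.ocap = ocap;
    for (size_t i = 0; i < n; i++) feed(&d, in[i]);
    flush_literal(&d);  /* input ended inside an entity: keep it as literal text */
    return d.overflow ? -1 : (long)d.olen;
}

/* Helper: 1 if the C string in decodes to exactly the C string expect. */
int decodes_to(const char *in, const char *expect) {
    unsigned char out[256];
    size_t n = strlen(in);
    if (n > sizeof out) return 0;
    long w = html_entity_decode((const unsigned char *)in, n, out, sizeof out);
    return w >= 0 && (size_t)w == strlen(expect) && memcmp(out, expect, (size_t)w) == 0;
}

/* Constructed sample: '&' followed by 40 alphanumerics and no ';', longer than ENT_MAX. */
static const char kOverlong[] = "&aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";

int main(void) {
    const char *sample = "5 &lt; 7, price &euro;100, &bogus; and an over-long one: ";
    unsigned char out[256];
    long w = html_entity_decode((const unsigned char *)sample, strlen(sample), out, sizeof out);
    if (w < 0) return 1;
    fwrite(out, 1, (size_t)w, stdout);
    w = html_entity_decode((const unsigned char *)kOverlong, strlen(kOverlong), out, sizeof out);
    if (w < 0) return 1;
    fwrite(out, 1, (size_t)w, stdout);
    putchar('\n');
    return 0;
}
```

The accumulator bound is enforced before the store, not after it, and the same flush path handles a full buffer, a non-entity byte and end of input, so there is no state in which bytes are appended without the length check running first. Numeric entities are parsed digit by digit with an early range check rather than through strtoul, which would silently accept a sign, whitespace or a 0x prefix and could wrap on long digit strings.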

References

Source Reference
BUGTRAQ 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl
FULLDISC 20081221 CVE-2008-5557 - PHP mbstring buffer overflow
CONFIRM http://bugs.php.net/bug.php?id=45722
CONFIRM http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c?r1=1.7&r2=1.8
CONFIRM http://www.php.net/ChangeLog-5.php#5.2.7
CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0035
CONFIRM http://support.apple.com/kb/HT3549
APPLE APPLE-SA-2009-05-12
DEBIAN DSA-1789
FEDORA FEDORA-2009-3768
FEDORA FEDORA-2009-3848
HP HPSBUX02431
HP SSRT090085
HP HPSBUX02465
HP SSRT090192
HP HPSBMA02492
HP SSRT100079
MANDRIVA MDVSA-2009:045
REDHAT RHSA-2009:0350
SUSE SUSE-SR:2009:004
SUSE SUSE-SR:2009:008
CERT TA09-133A
BID 32948
OVAL oval:org.mitre.oval:def:10286
SECTRACK 1021482
SECUNIA 34642
SECUNIA 35003
SECUNIA 35074
SECUNIA 35306
SECUNIA 35650
VUPEN ADV-2009-1297
XF php-multibyte-bo(47525)