FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- php_variables memory disclosure

Affected packages
mod_php4-twig <= 4.3.8_2
php4 <= 4.3.8_2
php4-cgi <= 4.3.8_2
php4-cli <= 4.3.8_2
php4-dtc <= 4.3.8_2
php4-horde <= 4.3.8_2
php4-nms <= 4.3.8_2
4 <= mod_php <= 4.3.8_2,1
4 <= mod_php4 <= 4.3.8_2,1
php5 <= 5.0.1
php5-cgi <= 5.0.1
php5-cli <= 5.0.1
mod_php5 <= 5.0.1,1

Details

VuXML ID ad74a1bd-16d2-11d9-bc4a-000c41e2cdad
Discovery 2004-09-15
Entry 2004-10-05

Stefano Di Paola reports:

Bad array parsing in php_variables.c could lead to show arbitrary memory content such as pieces of php code and other data. This affects all GET, POST or COOKIES variables.

References

Message 1095267581.2818.13.camel@localhost