Lucene search

K

Veracode Vulnerability DatabaseVERACODE:23190

HistoryApr 10, 2020 - 12:18 a.m.

Arbitrary Code Execution

2020-04-1000:18:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

15

EPSS

0.02

Percentile

88.9%

php is vulnerable to arbitrary code execution. An integer overflow flaw was found in the PHP chunk_split function. If a remote attacker was able to pass arbitrary data to the third argument of chunk_split they could possibly execute arbitrary code as the apache user. Note that it is unusual for a PHP script to use the chunk_split function with a user-supplied third argument.

References

cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.58&r2=1.445.2.14.2.59

lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html

secunia.com/advisories/26642

secunia.com/advisories/26838

secunia.com/advisories/27102

secunia.com/advisories/27864

secunia.com/advisories/28658

www.gentoo.org/security/en/glsa/glsa-200710-02.xml

www.php.net/ChangeLog-5.php#5.2.4

www.php.net/releases/5_2_4.php

www.redhat.com/security/updates/classification/#moderate

www.ubuntu.com/usn/usn-549-2

access.redhat.com/errata/RHSA-2007:0917

issues.rpath.com/browse/RPL-1702

launchpad.net/bugs/173043

usn.ubuntu.com/549-1/

EPSS

0.02

Percentile

88.9%

Related for VERACODE:23190

cvelist1 cve1 ubuntucve2 nvd1 prion1 redhat1 nessus9 openvas13 ubuntu2 freebsd1 suse1 gentoo1