You are here

U-082: McAfee SaaS 'myCIOScn.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code

January 17, 2012 - 1:00pm

Addthis

PROBLEM:

PHP Null Pointer Dereference in zend_strndup() Lets Local Users Deny Service

PLATFORM:

PHP Version(s): 5.3.8

ABSTRACT:

A vulnerability was reported in PHP. A local user can cause denial of service conditions.

referenceĀ  LINKS:

PHP Advisory
SecurityTracker Alert ID: 1026524
PHP.net Guide

iMPACT ASSESSMENT:

Medium

Discussion:

The software makes calls to the zend_strndup() function without checking the returned values. A local user can run specially crafted PHP code to trigger a null pointer dereference in zend_strndup() and cause the target service to crash.

Impact:

The oci8 extension is affected. Other extensions are affected.

Solution:

For more information, PHP Downloads

Addthis